Overview

overview

10

Static

static

1

4689feea37...73.exe

windows7-x64

10

4689feea37...73.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173.zip

  • Size

    2.3MB

  • Sample

    230321-r18n7sdd6y

  • MD5

    0b4aee48210787481ab8684f459a8573

  • SHA1

    2eab21b96a136ff2c9393cd671b6d64401fcf9d5

  • SHA256

    c861e309bc11fdecd440b981d693e824cd67240d68a0d0d79b91887e1c64f492

  • SHA512

    aaabb88f76545e444cbeb50210655f1d49e93918a357b0e70e49c9a86a3807689ebd1897b4d494ac582c0d2dcc33720353260dbb4f8baa0515e34ef96014a1f3

  • SSDEEP

    49152:dOxUjDzz6285KLObdoCzkauY8gTIVSh2OVlglyKz1/G1iSTyv:oxUjDzzCXbdoCAauIUVSh2UlglFz+iEM

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173.exe

    • Size

      2.6MB

    • MD5

      92d8cace3f5be94d54700290a22b01ab

    • SHA1

      08feb65fdcd6a8284297461c1afced9f769134c9

    • SHA256

      4689feea371ab0b27c3b7760ad99d3d587e770b36403fcaf795e4a5c17bef173

    • SHA512

      85b86a20a3f52a347ee31f0cfd7f9a34f9a624ca07f5c94b4ad56841162a9d73606ee1f7ed85c065e3262b73616d1a2618f1c10f0ad483dd1884de1ca5c0b07c

    • SSDEEP

      49152:RJso4ozTdxkp92TMp2OX5yadksH1dSXnnGz2pU8E8SDJI4x:Reo5d6Ugp2IyadJH1dSXnGz2pU8Aaw

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks