netsupport | 14072a3c84df1196b77f73565c0e0c26760cba4f83eeee2c654fc6a5925174e0 | Triage

Sharing

General

Target

8ec96a074255b7e90ae95d772c3b89e23289958eec3649ee26ca4071b3e66e9c.zip
Size

2.0MB
Sample

230321-r19aqsbc84
MD5

fbcf471fa3638480a2e84295c8755aa1
SHA1

1a3b71416adf4791d70daddc3a1dabf328d3352e
SHA256

14072a3c84df1196b77f73565c0e0c26760cba4f83eeee2c654fc6a5925174e0
SHA512

491dfa906386d2eed0dca9f9126cec827982b23c01caf771c85d26f0a05ca28aecb10af6e95e87385619ee3d625a110482bd12fd87fa62f29fb41bd9459ddee2
SSDEEP

24576:57HF+VnaM1DIWhMyncA+N0yHquqsDOu0wVSNOhxLK3/QYk1mJ4IjBIpLNycbxFUy:pHqrHMZRRtANOhx2QYkIjhcdFUIEaX5

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  8ec96a074255b7e90ae95d772c3b89e23289958eec3649ee26ca4071b3e66e9c.exe
- Size
  
  2.3MB
- MD5
  
  2344df683dc8295da9e132d132083a26
- SHA1
  
  de94138ee8c7724089ef9faa80b8453c0b3986a3
- SHA256
  
  8ec96a074255b7e90ae95d772c3b89e23289958eec3649ee26ca4071b3e66e9c
- SHA512
  
  83a5270c189a78fd6415488a01c16010e944b17ad23f42cc31d1d19f0e4bdece27e10cf385affe4e3eca61ebb273690824de0c18a119b59409d77d21b31c3486
- SSDEEP
  
  49152:5ypEkkYclR4EpZeJyKn20ZvtV4RuK52Z+bm9pg6tUywG6EjXpp/7:5vkJclR4oeJy2NNt+Jpbm9aOOOr/7
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2