Overview

overview

10

Static

static

1

invoice.txt.ps1

windows7-x64

1

invoice.txt.ps1

windows10-2004-x64

10

Resubmissions

22-03-2023 16:49

230322-vbydqaca4v 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice.txt.ps1

  • Size

    2.8MB

  • Sample

    230322-vbydqaca4v

  • MD5

    a916869f41b3aada64fa6ef5adf38bf3

  • SHA1

    cf899f8bd138c77f7db36ed334d6db4e88e4f5ac

  • SHA256

    8d76fd3a85e5ed34c65b358c92f2f7fb7454c3417131ef156e6f33d01463d4ee

  • SHA512

    a303dbcb42732a4f7818c7abcdabc0ce68a291306073f44178d1c5da7b3825a6ce7aa2094ebc8989ef00fe394da85da21038e8472fbe6bf9e212d6237ca39724

  • SSDEEP

    49152:lO+AAoPeH7UjX4Rsqmoe6UDsfSl97xH69WbZtar:T

Score
10/10
netsupportpersistencerat

Malware Config

Targets

    • Target

      invoice.txt.ps1

    • Size

      2.8MB

    • MD5

      a916869f41b3aada64fa6ef5adf38bf3

    • SHA1

      cf899f8bd138c77f7db36ed334d6db4e88e4f5ac

    • SHA256

      8d76fd3a85e5ed34c65b358c92f2f7fb7454c3417131ef156e6f33d01463d4ee

    • SHA512

      a303dbcb42732a4f7818c7abcdabc0ce68a291306073f44178d1c5da7b3825a6ce7aa2094ebc8989ef00fe394da85da21038e8472fbe6bf9e212d6237ca39724

    • SSDEEP

      49152:lO+AAoPeH7UjX4Rsqmoe6UDsfSl97xH69WbZtar:T

    Score
    10/10
    netsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks