netsupport | bacc798e623adf55c0c51a76552c99776b9c25cdfd721b719c28148dfab099a7 | Triage

Sharing

General

Target

173672cca610f58caaeca8a2d61b8e98
Size

2.3MB
Sample

230323-ghggwsdg76
MD5

173672cca610f58caaeca8a2d61b8e98
SHA1

4a39addcc787d70993723a4228233601f3e01cbe
SHA256

bacc798e623adf55c0c51a76552c99776b9c25cdfd721b719c28148dfab099a7
SHA512

529d8f6a9f86c4485857dab64bf56ad27a49db6eda5b460b81b91d5187557592b82eaad942d8b522711353a0ce6f30fee7d6760aec17f283aca126fdab599d0b
SSDEEP

49152:BZz196RF6Dm6ThBo37cWi2srl0SNjVwEKLxhOBuY+tbviO:/z1qMVThe37cWqdKLfO4Ye

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  173672cca610f58caaeca8a2d61b8e98
- Size
  
  2.3MB
- MD5
  
  173672cca610f58caaeca8a2d61b8e98
- SHA1
  
  4a39addcc787d70993723a4228233601f3e01cbe
- SHA256
  
  bacc798e623adf55c0c51a76552c99776b9c25cdfd721b719c28148dfab099a7
- SHA512
  
  529d8f6a9f86c4485857dab64bf56ad27a49db6eda5b460b81b91d5187557592b82eaad942d8b522711353a0ce6f30fee7d6760aec17f283aca126fdab599d0b
- SSDEEP
  
  49152:BZz196RF6Dm6ThBo37cWi2srl0SNjVwEKLxhOBuY+tbviO:/z1qMVThe37cWqdKLfO4Ye
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2