Overview

overview

10

Static

static

1

359dc605a7...c2.exe

windows7-x64

10

359dc605a7...c2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    359dc605a71b25b69d2e7673202c79c2.exe

  • Size

    2.1MB

  • Sample

    230326-klez1shh5z

  • MD5

    359dc605a71b25b69d2e7673202c79c2

  • SHA1

    e915fd1a5f8483991069cc41abf872489faa7a19

  • SHA256

    12cda2b4c69e83ff66a7e583597e6182cc95211c305829b586301906e6351949

  • SHA512

    679cdcbaefd73ed866e9e1c8650a8922544acc530c7db792d23bda086d040f35c9665736f1b8d4efbf4456213dec3468a330350bcfcd1acef8810ace0764f3a3

  • SSDEEP

    49152:tt6iaPw71zyI2im0OoGZ3/uHOo8PWVjnJEZGVuuRkKsN/CrgjNQ:tt6iaPw71zP2ib7TaW7EZGUQvsAONQ

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      359dc605a71b25b69d2e7673202c79c2.exe

    • Size

      2.1MB

    • MD5

      359dc605a71b25b69d2e7673202c79c2

    • SHA1

      e915fd1a5f8483991069cc41abf872489faa7a19

    • SHA256

      12cda2b4c69e83ff66a7e583597e6182cc95211c305829b586301906e6351949

    • SHA512

      679cdcbaefd73ed866e9e1c8650a8922544acc530c7db792d23bda086d040f35c9665736f1b8d4efbf4456213dec3468a330350bcfcd1acef8810ace0764f3a3

    • SSDEEP

      49152:tt6iaPw71zyI2im0OoGZ3/uHOo8PWVjnJEZGVuuRkKsN/CrgjNQ:tt6iaPw71zP2ib7TaW7EZGUQvsAONQ

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks