netsupport | eb7a7f9d8fde85d1ffeaaf7bc27a06129e431e1615f731acd71aeddc32c8359b | Triage

Sharing

General

Target

926b426a5d246c666e3c05bb98566b2e.ps1
Size

2.8MB
Sample

230402-y4ph3abf91
MD5

926b426a5d246c666e3c05bb98566b2e
SHA1

2e7aa53e4e2365812904c540ab544c75d2a68560
SHA256

eb7a7f9d8fde85d1ffeaaf7bc27a06129e431e1615f731acd71aeddc32c8359b
SHA512

9b7c2d63c3e60b78c65cd53fa4a18bb551fa6f7cd899fc581971b990ebbd09b1cc35d4caa27c96ff76ffb18c248e3c2b933e8e6d58660f4a4478b219873cfb7f
SSDEEP

49152:1PLcFJh88TWNVWy/Lo7I2o6iGKDhErHEgLxzSh0Z8Gt4jbtGD:W

Score

10^/10

netsupport persistence rat

Malware Config

Targets

- Target
  
  926b426a5d246c666e3c05bb98566b2e.ps1
- Size
  
  2.8MB
- MD5
  
  926b426a5d246c666e3c05bb98566b2e
- SHA1
  
  2e7aa53e4e2365812904c540ab544c75d2a68560
- SHA256
  
  eb7a7f9d8fde85d1ffeaaf7bc27a06129e431e1615f731acd71aeddc32c8359b
- SHA512
  
  9b7c2d63c3e60b78c65cd53fa4a18bb551fa6f7cd899fc581971b990ebbd09b1cc35d4caa27c96ff76ffb18c248e3c2b933e8e6d58660f4a4478b219873cfb7f
- SSDEEP
  
  49152:1PLcFJh88TWNVWy/Lo7I2o6iGKDhErHEgLxzSh0Z8Gt4jbtGD:W
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportpersistencerat

behavioral2