netsupport | 0392634ea11705b38c167ea39cdf43d6a88febf963ec10247ca8ef99183fb304 | Triage

Sharing

General

Target

zip.zip
Size

475B
Sample

230418-xapfjafb2t
MD5

1064da236d0fb40f207bd53b6055290a
SHA1

3c126aa5c1c594d3a1fa2c24dfa27cbda1dda284
SHA256

0392634ea11705b38c167ea39cdf43d6a88febf963ec10247ca8ef99183fb304
SHA512

d27b44578a9da0c2aa606b03a67f641e4c88cb698efdb95628e2fdc02b5715341ce0c15181b34431f9e6ea6f8d8d164f645a13ecabf7dfbf0e44881c27a24b00

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://gold-fish.top/glazgo.zip

Targets

- Target
  
  script.ps1
- Size
  
  505B
- MD5
  
  126d0143c4a72b552b57453b5144bdae
- SHA1
  
  01a67e78816f59293209b0858d0d4c07aaee75a4
- SHA256
  
  7f1bfe31baacd8ec5ae271d00b32bc39b244191a99349b570d4d16ef77a4eaab
- SHA512
  
  a69ecbb60fbe62b1035ff254645e975ddbf9adc0e34bf0a392c7631b14b9ed0f1b081c7a6eed0cb24ebfb369caeba7eeb54b41e16db29304c2b334f60ce4261e
Score

10^/10

persistence netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat