netsupport | 10f148de0455447160996854eaf8539173b64fabe239d099b096a6474ae7a314 | Triage

Sharing

General

Target

rt.php.ps1
Size

2.8MB
Sample

230425-tv38msbd94
MD5

e39ec9112181ce3c69a49fa3f0941802
SHA1

03c8a0d471bf36a7c255ba3435d09d74966cf1ed
SHA256

10f148de0455447160996854eaf8539173b64fabe239d099b096a6474ae7a314
SHA512

d129b3144f59b7793c3d4f71593b08c7d915870efc7eabe250a2b9f537f9ee55686a852e4765bdaa176cccee4d28675f3a83319023a9e122da9488ec4f2c3197
SSDEEP

24576:85TfLbTzLFqKdd74+aSa3U/UUKEgq4dv9FxhOwcAE3PMvE7yakh7mVvP4nCF6Hvy:W3Bd0lYYd9FAGvz7Ee1BB4n3qINcW

Score

10^/10

netsupport persistence rat

Malware Config

Targets

- Target
  
  rt.php.ps1
- Size
  
  2.8MB
- MD5
  
  e39ec9112181ce3c69a49fa3f0941802
- SHA1
  
  03c8a0d471bf36a7c255ba3435d09d74966cf1ed
- SHA256
  
  10f148de0455447160996854eaf8539173b64fabe239d099b096a6474ae7a314
- SHA512
  
  d129b3144f59b7793c3d4f71593b08c7d915870efc7eabe250a2b9f537f9ee55686a852e4765bdaa176cccee4d28675f3a83319023a9e122da9488ec4f2c3197
- SSDEEP
  
  24576:85TfLbTzLFqKdd74+aSa3U/UUKEgq4dv9FxhOwcAE3PMvE7yakh7mVvP4nCF6Hvy:W3Bd0lYYd9FAGvz7Ee1BB4n3qINcW
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportpersistencerat