Overview

overview

10

Static

static

3

15f7867fee...d2.exe

windows7-x64

10

15f7867fee...d2.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    15f7867fee9b4bbcb91168ecc52eb5d2.exe

  • Size

    2.0MB

  • Sample

    230518-trdhtach97

  • MD5

    15f7867fee9b4bbcb91168ecc52eb5d2

  • SHA1

    8ab83f49f98b1188de7c52a5bd7bccc3f7b0bd8f

  • SHA256

    b4d61c536730fbab0d2d81ec2f7bf8cdda541e4fd9200ddf50cf773c90c019c0

  • SHA512

    35da5c82e9f7d7be624034625fde2f271cfe8dd8b42d74941499b11fe44665f74caf4d5299d31fc3f647d8edf4ca980f7414ab33f30191d87185c91b44aaae68

  • SSDEEP

    49152:/BrdfcoIsGlR4EpZeYzg/6aU2/trEvGony/78Ro6:5rWBblR4oesg/6ajtovD28

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      15f7867fee9b4bbcb91168ecc52eb5d2.exe

    • Size

      2.0MB

    • MD5

      15f7867fee9b4bbcb91168ecc52eb5d2

    • SHA1

      8ab83f49f98b1188de7c52a5bd7bccc3f7b0bd8f

    • SHA256

      b4d61c536730fbab0d2d81ec2f7bf8cdda541e4fd9200ddf50cf773c90c019c0

    • SHA512

      35da5c82e9f7d7be624034625fde2f271cfe8dd8b42d74941499b11fe44665f74caf4d5299d31fc3f647d8edf4ca980f7414ab33f30191d87185c91b44aaae68

    • SSDEEP

      49152:/BrdfcoIsGlR4EpZeYzg/6aU2/trEvGony/78Ro6:5rWBblR4oesg/6ajtovD28

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks