Overview

overview

10

Static

static

3

b4d61c5367...c0.exe

windows7-x64

10

b4d61c5367...c0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    15f7867fee9b4bbcb91168ecc52eb5d2.bin

  • Size

    1.9MB

  • Sample

    230520-bf8kpscb5z

  • MD5

    08124e8cf357d79f3056eeb67095c44e

  • SHA1

    f6c9687c5e1bc08dca3897a70727018e603545be

  • SHA256

    42a7b17b7f0d0888a6bec6b27f22d84ea6a6e7b135efe918c16bb8da230626ff

  • SHA512

    1f97dfa6345ade961e236fead92524d7115a182c36dad80cac42c10391fc620c7cb3fff20d4e1d2ca9d0ba47d2e4ca57e809e9f54f981f83bcd17323df4ff457

  • SSDEEP

    49152:bre45yUki6EhKZMNou9rE6OnPWxHKD2xO8pV:He4hdQMCu9rVYO1Z3

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      b4d61c536730fbab0d2d81ec2f7bf8cdda541e4fd9200ddf50cf773c90c019c0.exe

    • Size

      2.0MB

    • MD5

      15f7867fee9b4bbcb91168ecc52eb5d2

    • SHA1

      8ab83f49f98b1188de7c52a5bd7bccc3f7b0bd8f

    • SHA256

      b4d61c536730fbab0d2d81ec2f7bf8cdda541e4fd9200ddf50cf773c90c019c0

    • SHA512

      35da5c82e9f7d7be624034625fde2f271cfe8dd8b42d74941499b11fe44665f74caf4d5299d31fc3f647d8edf4ca980f7414ab33f30191d87185c91b44aaae68

    • SSDEEP

      49152:/BrdfcoIsGlR4EpZeYzg/6aU2/trEvGony/78Ro6:5rWBblR4oesg/6ajtovD28

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks