Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

rt.php.ps1

windows10-1703-x64

10

rt.php.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rt.php.ps1

  • Size

    2.8MB

  • Sample

    230526-scn6bsga54

  • MD5

    d2fc96f1c1c1404df8a0ca2282448ad2

  • SHA1

    de1d9b6dcdcf5398b4b9599e1c8f5a7197e3297b

  • SHA256

    c464db92b9cdb0069156187fd9320829452bd71b2fc2907fb1215a4d133ae79c

  • SHA512

    71ac93240aaef1f84b0d19887af5a3511e4f0a7f9f739d189ab95119ff361acc48b75bfdda7c772f768d564dc3f72768f556a36ae9e11d7f29ee9c32d92a7c77

  • SSDEEP

    24576:CA6WYne7IMJTrEFpg6v81zWmla7C6FWs8ct7Qx+TBL4Orh8JfbmfmMeWI4eIrenr:D7Ihp0aTYs8chGnFsu8PgnTNEQALjla

Score
10/10
netsupportpersistencerat

Malware Config

Targets

    • Target

      rt.php.ps1

    • Size

      2.8MB

    • MD5

      d2fc96f1c1c1404df8a0ca2282448ad2

    • SHA1

      de1d9b6dcdcf5398b4b9599e1c8f5a7197e3297b

    • SHA256

      c464db92b9cdb0069156187fd9320829452bd71b2fc2907fb1215a4d133ae79c

    • SHA512

      71ac93240aaef1f84b0d19887af5a3511e4f0a7f9f739d189ab95119ff361acc48b75bfdda7c772f768d564dc3f72768f556a36ae9e11d7f29ee9c32d92a7c77

    • SSDEEP

      24576:CA6WYne7IMJTrEFpg6v81zWmla7C6FWs8ct7Qx+TBL4Orh8JfbmfmMeWI4eIrenr:D7Ihp0aTYs8chGnFsu8PgnTNEQALjla

    Score
    10/10
    netsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks