netsupport | 0d2d85d98310a735391d516207b11b6eeea4a5b833cbc521b40d39b6e8635bcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rechn1831js.js
Size

48KB
Sample

230705-p68kaacd76
MD5

7115a87c04916857fa2482c58cb87203
SHA1

7cb325fdd6eae9a94123f1dd41f35c4e03dd45b9
SHA256

0d2d85d98310a735391d516207b11b6eeea4a5b833cbc521b40d39b6e8635bcd
SHA512

f01cbaf59114519965a76cdb6caab811abcc3d29a68c8696a7738b384a6be636ea68c09a3070aeaea41b51275e5b7d59ebd68d267a2566d705587c06694d646e
SSDEEP

768:HJSaNaky1sAaN+5GXBgbmNLsohLedbAlc2mXeM/puy7zDOcbIeLk2:HJSGynGTXCKJXhLedbuIeM/puyvDfIn2

Score

10^/10

netsupport rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://clibur.es/apply.zip

exe.dropper

https://clibur.es/files/

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://clibur.es/apply.zip

exe.dropper

https://clibur.es/files/

Targets

- Target
  
  rechn1831js.js
- Size
  
  48KB
- MD5
  
  7115a87c04916857fa2482c58cb87203
- SHA1
  
  7cb325fdd6eae9a94123f1dd41f35c4e03dd45b9
- SHA256
  
  0d2d85d98310a735391d516207b11b6eeea4a5b833cbc521b40d39b6e8635bcd
- SHA512
  
  f01cbaf59114519965a76cdb6caab811abcc3d29a68c8696a7738b384a6be636ea68c09a3070aeaea41b51275e5b7d59ebd68d267a2566d705587c06694d646e
- SSDEEP
  
  768:HJSaNaky1sAaN+5GXBgbmNLsohLedbAlc2mXeM/puy7zDOcbIeLk2:HJSGynGTXCKJXhLedbuIeM/puyvDfIn2
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2