netsupport | c69642d092f9320dbc90d38fbecc3f212e4211d4f1e98e69f253d034ec77f960 | Triage

Sharing

General

Target

servs4727.js
Size

46KB
Sample

230708-kdhqyada99
MD5

ed3dcf3f046e8d3c60d1e1049d0125d2
SHA1

54d5d9832d22f82aec1d987bd6baef1a6096c3a2
SHA256

c69642d092f9320dbc90d38fbecc3f212e4211d4f1e98e69f253d034ec77f960
SHA512

0f8a71d5b8cfbe6b492044ae022986c25b1b68b1f0ffa7497ca7ac65d776bcd8585a0c4429a7674d6ffef4b012ba7e08f90c03a68fc48cdbee02d92835d5896a
SSDEEP

768:8ojU+iaCF7PKzVilJ7Y6+mw1NkPC8gb4Wf8jiVmXhJildEBOAExLsDvXon:LU+L+PKzslJ86+HNyC8S4Wf8jiVmRJSX

Score

10^/10

netsupport rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://ecotree.co.in/images/cora.zip

exe.dropper

https://ecotree.co.in/images/files/cora.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://ecotree.co.in/images/cora.zip

exe.dropper

https://ecotree.co.in/images/files/cora.zip

Targets

- Target
  
  servs4727.js
- Size
  
  46KB
- MD5
  
  ed3dcf3f046e8d3c60d1e1049d0125d2
- SHA1
  
  54d5d9832d22f82aec1d987bd6baef1a6096c3a2
- SHA256
  
  c69642d092f9320dbc90d38fbecc3f212e4211d4f1e98e69f253d034ec77f960
- SHA512
  
  0f8a71d5b8cfbe6b492044ae022986c25b1b68b1f0ffa7497ca7ac65d776bcd8585a0c4429a7674d6ffef4b012ba7e08f90c03a68fc48cdbee02d92835d5896a
- SSDEEP
  
  768:8ojU+iaCF7PKzVilJ7Y6+mw1NkPC8gb4Wf8jiVmXhJildEBOAExLsDvXon:LU+L+PKzslJ86+HNyC8S4Wf8jiVmRJSX
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2