General

  • Target

    PurchaseOrder.exe

  • Size

    2.4MB

  • Sample

    230718-hcxscsgf86

  • MD5

    6757f09fde7c25be502dd96903616373

  • SHA1

    9473c0fe323dba82120b183cb5534adb15712f21

  • SHA256

    233019f7f2464732ec93ec2b01b360363a9c5a387c1f392c4ed92c90aeb5505f

  • SHA512

    e78e120ee51f353cb2bdf313a58ebe3eeb070c3491671938dccf9166da98110c1de08977236cba4cfed32b78cff3fc5684b2d10fa55a3bade663756f500030b9

  • SSDEEP

    49152:wBXgSB+D6dg357ao6rSFL+Nu6WaS0101whW0tZiWNuTWa:k3Btdg357grSFE28x/ZiWNuh

Score
10/10

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks