netsupport | 933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6_JC.js
Size

37KB
Sample

230825-raskascc72
MD5

c15beea0035b0ac586f27895a29a04f4
SHA1

937d9d8eaac5a6ef16ce8bcae4b084a3603a49a3
SHA256

933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6
SHA512

ecbf688b91157e375fff3fa0b6d001a80e69d1a11d9467f38dbcab08714f87564cfcbaf49ab8637010db2c2974b73f863f39856d10cd6275abd4f1873e0d0145
SSDEEP

768:r4mmlLumMT+Sh5+nyZcUtu/tWnm8raemrwzyWM6j:0mmlLg7hdtwWnzraemrcMw

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://tukudewe.com/js/01b1v2g3.zip

exe.dropper

https://tukudewe.com/js/h3b2_jsg/

Targets

- Target
  
  933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6_JC.js
- Size
  
  37KB
- MD5
  
  c15beea0035b0ac586f27895a29a04f4
- SHA1
  
  937d9d8eaac5a6ef16ce8bcae4b084a3603a49a3
- SHA256
  
  933861b75227a3f4727b5872fa9da1b049e420632f8a9198987e8bfbaf7da9e6
- SHA512
  
  ecbf688b91157e375fff3fa0b6d001a80e69d1a11d9467f38dbcab08714f87564cfcbaf49ab8637010db2c2974b73f863f39856d10cd6275abd4f1873e0d0145
- SSDEEP
  
  768:r4mmlLumMT+Sh5+nyZcUtu/tWnm8raemrwzyWM6j:0mmlLg7hdtwWnzraemrcMw
Score

10^/10

persistence netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

BITS Jobs

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

BITS Jobs

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat