netsupport | b20cae48e98bb3cd42241b104a8a99326e462c64c4d46ec96075dcf77460a7f1 | Triage

Sharing

General

Target

139613961396.js
Size

3KB
Sample

230829-j54xtaah97
MD5

7888817de0e288f6ce7ab1c794dfbf58
SHA1

a9c9286b4e18e211b020076da3f1304c909cc1a6
SHA256

b20cae48e98bb3cd42241b104a8a99326e462c64c4d46ec96075dcf77460a7f1
SHA512

8417cd4074718c3e56e0261d8fd9c2b33f135262be2acb57966e5dcc41ec36921019c3d40e9df40f25d2f9a41276bd436487cb629b7fab6e5102370330e8c2d2

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://instalfrio.cl/destination.txt

exe.dropper

http://instalfrio.cl/destination.txt

Targets

- Target
  
  139613961396.js
- Size
  
  3KB
- MD5
  
  7888817de0e288f6ce7ab1c794dfbf58
- SHA1
  
  a9c9286b4e18e211b020076da3f1304c909cc1a6
- SHA256
  
  b20cae48e98bb3cd42241b104a8a99326e462c64c4d46ec96075dcf77460a7f1
- SHA512
  
  8417cd4074718c3e56e0261d8fd9c2b33f135262be2acb57966e5dcc41ec36921019c3d40e9df40f25d2f9a41276bd436487cb629b7fab6e5102370330e8c2d2
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat