netsupport | a6e37789dea33b593d76b8dfaa0c7a809ee1ce3850974c65a4345838877c3a2e | Triage

Sharing

General

Target

581158115811.js
Size

3KB
Sample

230829-j81dssea7x
MD5

0997ddf7b37727cba3201fa07be4cc6d
SHA1

ea5adba0e2ba81557947217f401888d51f96a245
SHA256

a6e37789dea33b593d76b8dfaa0c7a809ee1ce3850974c65a4345838877c3a2e
SHA512

f212e63de50a388dd450371c2a3f5f9992160f6e644fa018447b4a5c9f6a837417559b66663339b3aa5f47af6577e8c8ddd236b31fa6441327abc1bb579f07be

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://instalfrio.cl/destination.txt

exe.dropper

http://instalfrio.cl/destination.txt

Targets

- Target
  
  581158115811.js
- Size
  
  3KB
- MD5
  
  0997ddf7b37727cba3201fa07be4cc6d
- SHA1
  
  ea5adba0e2ba81557947217f401888d51f96a245
- SHA256
  
  a6e37789dea33b593d76b8dfaa0c7a809ee1ce3850974c65a4345838877c3a2e
- SHA512
  
  f212e63de50a388dd450371c2a3f5f9992160f6e644fa018447b4a5c9f6a837417559b66663339b3aa5f47af6577e8c8ddd236b31fa6441327abc1bb579f07be
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat