netsupport | d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8 | Triage

Sharing

General

Target

d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8_JC.hta
Size

1.3MB
Sample

230902-pnzjnada2s
MD5

63cdb37e2bf2928a36eafe3705d30284
SHA1

235f23fafaa45b5b41fc95e567f098e179c43e0c
SHA256

d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8
SHA512

720eea1eaf5da2d3c617dfae82a2f97735c24b0e9cd0ce9549679bdfa9989293b44986393f17c666d15c1dba34b3340bdb94550891454a029d67229fa908fd52
SSDEEP

3072:TO1dnIpk90I3oQ504RqikgNkZdPR5YvP0fwlakvzIo9:TO1dnI+28j0zcOjE0fwlhvzZ9

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8_JC.hta
- Size
  
  1.3MB
- MD5
  
  63cdb37e2bf2928a36eafe3705d30284
- SHA1
  
  235f23fafaa45b5b41fc95e567f098e179c43e0c
- SHA256
  
  d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8
- SHA512
  
  720eea1eaf5da2d3c617dfae82a2f97735c24b0e9cd0ce9549679bdfa9989293b44986393f17c666d15c1dba34b3340bdb94550891454a029d67229fa908fd52
- SSDEEP
  
  3072:TO1dnIpk90I3oQ504RqikgNkZdPR5YvP0fwlakvzIo9:TO1dnI+28j0zcOjE0fwlhvzZ9
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2