netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

55ac40cf8c4d7222f9239f28209d4453.bin
Size

2.6MB
Sample

230913-bp56yabd83
MD5

152aa389a6130f1e215606dc060d7b98
SHA1

ec994c3548a9c51d35c08f7b3f6ab8a380659b07
SHA256

aea1dcb3a92cb5d5841f7e03a88f6220829e2df1dae2d147e70aef69d16770fb
SHA512

9c28d28e944aeab9d5e16d53b8499f88c32fa6b5ec206a1167532709f483ea50a04358d4ee6044b2618e7acbc445a517f221aad27eaaea389b727de940743951
SSDEEP

49152:wJoZTYTTvWbNpRu2fDYzPVA0cyiA+Q0h2dglhrR4bR8tGIsXkF6w:wJoZTYHvApIc4A0cyiAcEcRbtU66w

Score

10^/10

Malware Config

Targets

- Target
  
  CareAbout.exe
- Size
  
  103KB
- MD5
  
  8d9709ff7d9c83bd376e01912c734f0a
- SHA1
  
  e3c92713ce1d7eaa5e2b1fabeb06cdc0bb499294
- SHA256
  
  49a568f8ac11173e3a0d76cff6bc1d4b9bdf2c35c6d8570177422f142dcfdbe3
- SHA512
  
  042ad89ed2e15671f5df67766d11e1fa7ada8241d4513e7c8f0d77b983505d63ebfb39fefa590a2712b77d7024c04445390a8bf4999648f83dbab6b0f04eb2ee
- SSDEEP
  
  384:qTjV5+6j6Qa86Fkv2Wr120hZIqeTSGRp2TkFimMP:qHVZl6FhWr80/heT8TkFiH
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral1 behavioral2
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  2d3b207c8a48148296156e5725426c7f
- SHA1
  
  ad464eb7cf5c19c8a443ab5b590440b32dbc618f
- SHA256
  
  edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
- SHA512
  
  55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c
- SSDEEP
  
  6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Score

3^/10
behavioral3 behavioral4
- Target
  
  ExtExport.exe
- Size
  
  53KB
- MD5
  
  b11437540bdfc36fee80caefff057d41
- SHA1
  
  6a42e42b74af85de5bcb5deec54cbef83ca66e27
- SHA256
  
  edc454bca93a7d41d193a59953bde82766fc6874345a71bea2a8c52e71d06e29
- SHA512
  
  8bdcb574dbd83e805e101e325b081e1abe19078acf1679bf6167041476a1afb4fe813b1b1f5d6dd6c97b4b1c2d659425232ae699dd26abb7945b8f7ab0096433
- SSDEEP
  
  1536:uMzsdDPVEPBLllUau56M+gQFafuVHVcCU+Mv3+3xbKZ/nMsQt1TZ/I8PScMI:uM4dDVEjlUau56M+gQ3HO7+Mv3+3xbKo
Score

1^/10
behavioral5 behavioral6
- Target
  
  iediagcmd.exe
- Size
  
  503KB
- MD5
  
  47848682b029e73d50db21b036234db3
- SHA1
  
  cfb5e4cf260a4d8ca0daf135429332f7d27c93a3
- SHA256
  
  879aebf76db4528f0f4747b38e0cb9ba66ad983c171fb54a4e548ff1c004e459
- SHA512
  
  5052094b2033ae5b4a4334f7067086e2266bae5e34f8eef26535e70600c4162b48930ea5040a465511c10eb517ea128211b512fb5822b2b8ca4445498ef828cf
- SSDEEP
  
  12288:vjQJGJ17jTmepq1Zi2HDG2YIwgj5rp21ZZ:LQJGJIW05YIww5tK
Score

8^/10

evasion persistence
- Modifies Windows Firewall
  evasion
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  ieinstal.exe
- Size
  
  493KB
- MD5
  
  c9edd394eb4d0996ee43cb67563df50c
- SHA1
  
  6888a6b34a6b2bdac0096a453c4e6f8d10e810f3
- SHA256
  
  cc57d54c0d17f5e786a75bc28ce2133499672fe378b6f62c8117f2f0c191e932
- SHA512
  
  eaabc79b810edcb7ec0c99011eb0f87f8b45c7ea3cea17a7c2bee4bbb4c9e811040977415936cc45de8adfcea1f2367b72ac17812d510172954641d5899b97d2
- SSDEEP
  
  6144:XXR616NN5sBwNw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKw:XXRtRF+5OLpdNIrd4Ds5OLpdNIrd4D
Score

1^/10
behavioral10 behavioral9
- Target
  
  ielowutil.exe
- Size
  
  219KB
- MD5
  
  d831180f7596e0d2bb87b2cc57ecfca2
- SHA1
  
  472a9d3f90a50222d4944c70422734f4955f15a1
- SHA256
  
  3099b6cf67191b1a7e4d8463576fe85835e8df2296dba3470b0cd42babd336c8
- SHA512
  
  879446f600f21135c6e0ed3df8991906f6213569f72f701cb97ce0acd52a1187e0a0faf484e50ed22ab8ea64d1217c65a2ff1b693aa06f5993532ca163f5a6b7
- SSDEEP
  
  3072:VstD7trOt9pfslMYO9mXn9H0LeinObM6gZy5ChoTic:Vw1rOt9pdYamXnrdbMKw
Score

1^/10
behavioral11 behavioral12
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  a0b9388c5f18e27266a31f8c5765b263
- SHA1
  
  906f7e94f841d464d4da144f7c858fa2160e36db
- SHA256
  
  313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
- SHA512
  
  6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd
- SSDEEP
  
  192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Score

1^/10
behavioral13 behavioral14
- Target
  
  PCICL32.DLL
- Size
  
  3.6MB
- MD5
  
  00587238d16012152c2e951a087f2cc9
- SHA1
  
  c4e27a43075ce993ff6bb033360af386b2fc58ff
- SHA256
  
  63aa18c32af7144156e7ee2d5ba0fa4f5872a7deb56894f6f96505cbc9afe6f8
- SHA512
  
  637950a1f78d3f3d02c30a49a16e91cf3dfccc59104041876789bd7fdf9224d187209547766b91404c67319e13d1606da7cec397315495962cbf3e2ccd5f1226
- SSDEEP
  
  49152:cTXNZ+0ci2aYNT8wstdAukudJ1xTvIZamclSp+73mPu:cTXNo0cpKwstTJIkS43mm
Score

5^/10
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  eab603d12705752e3d268d86dff74ed4
- SHA1
  
  01873977c871d3346d795cf7e3888685de9f0b16
- SHA256
  
  6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea
- SHA512
  
  77de0d9c93ccba967db70b280a85a770b3d8bea3b707b1abb037b2826b48898fec87924e1a6cce218c43478e5209e9eb9781051b4c3b450bea3cd27dbd32c7f3
- SSDEEP
  
  12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
Score

1^/10
behavioral17 behavioral18
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral19 behavioral20
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  dcde2248d19c778a41aa165866dd52d0
- SHA1
  
  7ec84be84fe23f0b0093b647538737e1f19ebb03
- SHA256
  
  9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
- SHA512
  
  c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166
- SSDEEP
  
  768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Score

1^/10
behavioral21 behavioral22
- Target
  
  remcmdstub.exe
- Size
  
  53KB
- MD5
  
  fe8978aeac17836d0b99c3edb88de357
- SHA1
  
  d7320274619baeb175855406d1027d02f845fb6c
- SHA256
  
  577927563589c3c9d05c510bce5f3cd9a55ea1de155e50e87c066bbff290a6fe
- SHA512
  
  68b6c647b40f071a602dcecd580232aca8434c7338837debda9d1ec37776415f680ac184ffb1497c93caa7353276d41d5df77538e004c1ffd168217df2cb5262
- SSDEEP
  
  768:vehWO78043LHCTPQuw/T3cgCsMl2PLLW/bC:vAb43LuPQFTSl2PLaTC
Score

1^/10
behavioral23 behavioral24