netsupport

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.13900.13233
Size

252KB
Sample

231012-3w583afd8s
MD5

1fd11be066371fbe09287888dd4275c2
SHA1

139981ea85424dee339d7660c27549caec1969b8
SHA256

9a3c17bc99d69c0ff856d84e9425ab3ed1e95ca1f7c48abfef2842b0a1917473
SHA512

6c383bd67a0fd81cc674b843849d9a6789b21490041bb455fe874f8faf3324b119f78c7dd030d56f145d5de7ef54eda6fe5a6930bf557dfec0245ca3be93ee90
SSDEEP

3072:acMAu8ZpNpKpH+kegGylMuhBNpuZScrSic6lnCslvwW:audZpNEozgGylMu7fM/Cs

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://taibi.at/tmp/

http://01stroy.ru/tmp/

http://mal-net.com/tmp/

http://gromograd.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  SecuriteInfo.com.Win32.TrojanX-gen.13900.13233
- Size
  
  252KB
- MD5
  
  1fd11be066371fbe09287888dd4275c2
- SHA1
  
  139981ea85424dee339d7660c27549caec1969b8
- SHA256
  
  9a3c17bc99d69c0ff856d84e9425ab3ed1e95ca1f7c48abfef2842b0a1917473
- SHA512
  
  6c383bd67a0fd81cc674b843849d9a6789b21490041bb455fe874f8faf3324b119f78c7dd030d56f145d5de7ef54eda6fe5a6930bf557dfec0245ca3be93ee90
- SSDEEP
  
  3072:acMAu8ZpNpKpH+kegGylMuhBNpuZScrSic6lnCslvwW:audZpNEozgGylMu7fM/Cs
Score

10^/10

smokeloader pub4 backdoor trojan netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

SmokeLoader

Downloads MZ/PE file

Deletes itself

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2