Overview

overview

10

Static

static

1

2022-12-28...hp.ps1

windows7-x64

1

2022-12-28...hp.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-12-28-1otal.com-index-index.php.ps1

  • Size

    3.6MB

  • Sample

    231031-msfk8shd82

  • MD5

    677274aff0a115983ccca2066f514668

  • SHA1

    f9152358298a7de75aebf665a4799695a45d6c3a

  • SHA256

    8000aa6ab8ff41bd2495e7faa4edae8a43d23307a28d164efe6248f1c7447cc1

  • SHA512

    be4f3b9b9c60c7c85ae37a151b195113d3b9def0cc1c63d963f681dc463b714f0cc5de33c2cc3d03d5dbeca7e9d89bd44a4b3e62b07095833010091d5aac3444

  • SSDEEP

    49152:XV9cdgd4ArSkWrJE7qtMUAv2eFRX4W3cDneYHTt1ZwqRJQuZgH8:O

Score
10/10
netsupportpersistencerat

Malware Config

Targets

    • Target

      2022-12-28-1otal.com-index-index.php.ps1

    • Size

      3.6MB

    • MD5

      677274aff0a115983ccca2066f514668

    • SHA1

      f9152358298a7de75aebf665a4799695a45d6c3a

    • SHA256

      8000aa6ab8ff41bd2495e7faa4edae8a43d23307a28d164efe6248f1c7447cc1

    • SHA512

      be4f3b9b9c60c7c85ae37a151b195113d3b9def0cc1c63d963f681dc463b714f0cc5de33c2cc3d03d5dbeca7e9d89bd44a4b3e62b07095833010091d5aac3444

    • SSDEEP

      49152:XV9cdgd4ArSkWrJE7qtMUAv2eFRX4W3cDneYHTt1ZwqRJQuZgH8:O

    Score
    10/10
    netsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks