Overview

overview

10

Static

static

3

646f739241...aa.exe

windows7-x64

10

646f739241...aa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    646f739241e98f819327983bb8083baa.exe

  • Size

    2.1MB

  • Sample

    231120-284qbsag45

  • MD5

    9927a607a52567792a420f2ed4467837

  • SHA1

    7ddf28bd347d57ba3fb2a71a979df2f1370f6b2f

  • SHA256

    154c606a6781addd71b108cdc62cf45cd1786ba7e7277105d71acedd86d565a5

  • SHA512

    eda9a7463d536a7acbd30dcbd4c8d57918f92c3b88a38bc71dee777b399865b320c965fcd79f8fc67d06c1438b139d73868d7a411b3136a9f76dff0ff083b939

  • SSDEEP

    49152:3daBDJkP0SrSzXcW5FLEg95FnkLl6XVQsZL2UvMSvWLEU+thP4Gz2e:3wzksSrmXcA7p8l6GKDTSb+tJ5

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      646f739241e98f819327983bb8083baa.exe

    • Size

      2.1MB

    • MD5

      9927a607a52567792a420f2ed4467837

    • SHA1

      7ddf28bd347d57ba3fb2a71a979df2f1370f6b2f

    • SHA256

      154c606a6781addd71b108cdc62cf45cd1786ba7e7277105d71acedd86d565a5

    • SHA512

      eda9a7463d536a7acbd30dcbd4c8d57918f92c3b88a38bc71dee777b399865b320c965fcd79f8fc67d06c1438b139d73868d7a411b3136a9f76dff0ff083b939

    • SSDEEP

      49152:3daBDJkP0SrSzXcW5FLEg95FnkLl6XVQsZL2UvMSvWLEU+thP4Gz2e:3wzksSrmXcA7p8l6GKDTSb+tJ5

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks