General

  • Target

    situationlaboratory.exe

  • Size

    2.1MB

  • Sample

    231120-t64zbaaa2t

  • MD5

    df8a729b54c46b4727141b7077fb0c0f

  • SHA1

    d12d3e33d4be860d0338bd4b1627447f70f42caa

  • SHA256

    2d635db5f9c497abaea60ee146c3274b5f0d9cfee7b97a95c88d7d6ddbab69b0

  • SHA512

    90434dc11ece6d932d6ccfb93e1bbd7eece7b9b9830ac142c1642cc6865475db0ae4c1981332ed451c5d1f4250d3dc7bd7aeb049cbe8a358f47b4e01577abe9b

  • SSDEEP

    49152:3dPBDJkP0SrSzXcW5FLEg95FnkLl6XVQsZL2UvMSvWLEU+thP4Gz2e:3NzksSrmXcA7p8l6GKDTSb+tJ5

Score
10/10

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
