General

  • Target

    groundcustomerN.exe

  • Size

    2.4MB

  • Sample

    231128-x26h5acc67

  • MD5

    5dbfceaf3978323e16f57de71f2df282

  • SHA1

    1f158911f42212ed204393ece715c9adf24dfc68

  • SHA256

    082212ded63efdb71b867a69f2bf874f97b0479137e403418c6c02fd062fc889

  • SHA512

    afcb7b8df231c2c507d7e02339b6a61a1f295b8bdb466f3d621d613177de7656e187f011c154abab2d09b9b87160b48831e776618962a6c109ccb6a5dea1a29b

  • SSDEEP

    49152:T5SeKThPO7Vj3g7rSdZ/ufvr7TE22qqpE+OVbbk+LUqxNoWeJKEjXiNctT:T0eohWN3UWd9ufD+B0Y+IrzKMiWtT

Score
10/10

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
