General

  • Target

    agreeprovide.exe

  • Size

    3.2MB

  • Sample

    231204-zr5vysfe3w

  • MD5

    ad15345d1d6bae42007651078d8f2c7c

  • SHA1

    571f220c612a6aed80c7d949cb18f625175fd442

  • SHA256

    66da427e965b0876445bfb5834102e506fab680793c88ede0aed0ce385452ffc

  • SHA512

    4994139750bd20603c373befaa35b6441b4d81fe1e1d022a0c5d4423dc4b6e663eb59b5c4d02558e73c5702d995ffb6e757ac5984394efcf09d8a5ff79134767

  • SSDEEP

    98304:jwMMMMMMMC4LsBoB/M4yLAC/sCE3Vkd9ufD+B0Y+IrzaCe:rM5UC/sd9fyuY+Ie

Score
10/10

Targets

    • Target

      agreeprovide.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
