General

  • Target

    14122023_0029_deb00a386b6e38.exe

  • Size

    2.2MB

  • Sample

    231213-tzpk2sgfe8

  • MD5

    e0513cff99bb7b3acd1412295e499bc2

  • SHA1

    96bb297d825579606cd690ad6ffc39b7e4c8a73a

  • SHA256

    f59c840544616b64fec28c914cb8e8132ad54980e80070f649a38b6bd387d6b9

  • SHA512

    36eb32c855b77853fa71d49df643e85b967af0e596a9b2c30bb09e57e36452f9c3f0ddc221f70c04440f5e46e03b8cdf6468d74a72b3aff52efddcdd2287be61

  • SSDEEP

    49152:pveOOVj3gu9SdZ/ufvr7TE22qqpE+OVbbk+LUqxNoWeJbxBEmVXH:pto3bEd9ufD+B0Y+IrzbLPZH

Score
10/10

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
