netsupport | bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074 | Triage

Submit
Reports

Overview

overview

Static

static

1

bad430b568...74.hta

windows7-x64

3

bad430b568...74.hta

windows10-2004-x64

Sharing

General

Target

bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074.hta
Size

1.3MB
Sample

231215-vmeezsgcek
MD5

715d2502c51eddfd399a63042a259634
SHA1

3b3fe625bb815ffb20d928b3d31a75fce981ce95
SHA256

bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074
SHA512

6b821f233a64b8c0cb7ca7ad53d51558c412db4c9acaff384f48a649a00a61967b79b1ea414acd4ca58040e24405fae7dde1c1e646395d8358dcff91dae7779b
SSDEEP

3072:8m8dVB780qXTtxi7FN8YnpFwrJZxsAXkO3kQ3iF/+:H8db780qX5EjRpKrDxbrUQ3y+

Score

10^/10

netsupport rat

Static task

static1

Behavioral task

behavioral1

Sample

bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074.hta

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074.hta

Resource

win10v2004-20231215-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074.hta
- Size
  
  1.3MB
- MD5
  
  715d2502c51eddfd399a63042a259634
- SHA1
  
  3b3fe625bb815ffb20d928b3d31a75fce981ce95
- SHA256
  
  bad430b568dbe3b7d6fac03fe953377d2b99e0632bf55cd5c318597d315c5074
- SHA512
  
  6b821f233a64b8c0cb7ca7ad53d51558c412db4c9acaff384f48a649a00a61967b79b1ea414acd4ca58040e24405fae7dde1c1e646395d8358dcff91dae7779b
- SSDEEP
  
  3072:8m8dVB780qXTtxi7FN8YnpFwrJZxsAXkO3kQ3iF/+:H8db780qX5EjRpKrDxbrUQ3y+
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy