General

  • Target

    teruak.hta

  • Size

    1.3MB

  • Sample

    240116-ztnz8aafck

  • MD5

    79f3f52bd1349516cc18af5e156ecfa4

  • SHA1

    b329f3559ad62cc1dcca2acf44c07f60e5be4d7d

  • SHA256

    5d9fd9c38080619f472c99bc4c3793ba7103fb0b39a91fb8beb52426eead11cc

  • SHA512

    d7d8532516177580ad42fbb9a08b6670b27c4127120a61dcfd19014d04bc45a8d791584583ae274d61929053f4b40a177450f4255ee30c284091e752d0db6538

  • SSDEEP

    3072:+I+ID8yMm3e7hlH8tedS2BQU0Rm22nKjudBqmxpqhKGCs4Zu1o5w7:5N8B36eYpBRZUnd+3wu1oi7

Score
10/10

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
