General

  • Target

    new 1.ps1

  • Size

    2KB

  • Sample

    240124-c31ztagee2

  • MD5

    164fa80eb15e670539783d577140c0e8

  • SHA1

    316d04c9a545bf48580a58750d8cfe0d7e3f6080

  • SHA256

    be819fd3ceef5b47fd3f1b3a84812db1cef8297e6eb3372e06134d3517e68297

  • SHA512

    73aa708d74e2b6862f61c1344ce6f18576400c5616332669f27e6fa8d255fc4ebee50e3b77dd408d6c772641907dee92dc979e505366b3d5ce952928bfadeb35

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: https://core-click.net/TVFrontend/NSM.zip

    exe.dropper: https://core-click.net/TVFrontend/remcmdstub.zip

    exe.dropper: https://core-click.net/TVFrontend/DLAA1view.zip

    exe.dropper: https://core-click.net/TVFrontend/mock/

Targets

    • Target

      new 1.ps1

    • Size

      2KB

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
