General

  • Target

    updmgpower.zip

  • Size

    55KB

  • Sample

    240124-t6hq3sdhcr

  • MD5

    14e7441e6aa9155077ee44b140dcb522

  • SHA1

    fc03b348723de6ff1adbb798cb9a8cbca7a86770

  • SHA256

    0e465179f23f38136ff272da903c53f5d748384294c196d86cd920650ef536f1

  • SHA512

    84d2ba7e3799e53af4788ce6257061162e792d0d2cfca4602543ad668387c01d7a955705babb852b30a0452c57d6760df85a50647f36115426f82bc81db47f8e

  • SSDEEP

    1536:C/x0FaQGt13KFTSwfo5VxRngP+JTaeL0dzedau8OxH:Qi8VTuoliPeTaeL0Nedau8gH

Score
10/10

Malware Config

Targets

    • Target

      updmgpower.hta

    • Size

      1.3MB

    • MD5

      060c8203dacb3ae511a7bc2f02b9f98d

    • SHA1

      aaaffce215108e8c985db92227bee0bc7a1e456c

    • SHA256

      1e3f95ccf29c4843c72fdfef6ab27b9de474c76d89eb612abb76ff8c943d7a34

    • SHA512

      e1e3fc49cb36b6937704a0ec02a0024dda9080926831dd1d3b82d46676f24c7b1aa2b0184c45db71d8663f4419918f9fae0e491e17d022b44e975a2f751c9f5d

    • SSDEEP

      1536:MzVfUs/w3nlFjyqoLuZr1jMjomJH5X0sZCIZ/0K7buadkRgTQvXnBEAhM/QUbqW4:M3onlFuIR+X0pI97ZzQfnbmy0LNanyW

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks