General

  • Target

    freorra.zip

  • Size

    29KB

  • Sample

    240125-q8tdtahgdm

  • MD5

    5f0390c3845c233890ee952d21595a8c

  • SHA1

    b08ecfb49b500c67c42b8c686e5af1718a950001

  • SHA256

    1cdbdf9476b04724e12564394094ffa0f74e5345b2fd4d26a78749c408d34f8e

  • SHA512

    3d1484c19d7d6e98a1f8ff47bbb57bf0ed056b2e2e550e11e1be4b8fb077e0850b974edd46c940f4f0778bdf0b53d9652450f93251567bc67460c39535378fcd

  • SSDEEP

    768:iNSfaCoTy+nD/GfsyRKHQ2l3ncugzAonZa9Z:lou+nD/uRB2SugzAonZa9Z

Score
10/10

Targets

    • Target

      freorra.hta

    • Size

      1.1MB

    • MD5

      b46fee5771193152ad4e92a2bd75436d

    • SHA1

      5ebc0363b9cfede7ce711e59b9c7bfbe7188a9d1

    • SHA256

      ab6492900c66882416208e9554d85504ad7f7fe6e9674945887bc6ac47ebfdbd

    • SHA512

      8125952c8a04a908d8245da32c77f0a5f6d5e60a925311deb4f24419cf6cd849d36e93e33505a2da2a07672148fd260409d4b34b8e2d49c6120abd27f2ca1e36

    • SSDEEP

      1536:87it7MAZeK2PbPqFBQ04r76oogc2KQ1GLXETTtjIm+lIWFkKI5nPz3iQYgol7VS0:Si6AZr2PbPmBQhru1biXk

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
