General

  • Target

    85c6ab4916dad9444c1ca9f8bdb42a97

  • Size

    3.5MB

  • Sample

    240201-drbq8acafr

  • MD5

    85c6ab4916dad9444c1ca9f8bdb42a97

  • SHA1

    2d78ce63220b5f86a367c2fe8e3e34686a1aa103

  • SHA256

    64caca487c57e5ea5952df3ccfe5924cb18f66f8653fa6fe156ef30604dfb48f

  • SHA512

    b213416e734c362db8c585a38f9c2e099255b3e4fc269ab3da24ed3484f98cf27905a6c75e2af68e9f5626dece7b26b17292a80f4a969a64bd988109f67aa107

  • SSDEEP

    98304:NeryXGHprtcmgyKexolnCpZwxzfOBLUF8ljRY:unZczZ2azf4Am5a

Score
10/10

Targets

    • Target

      85c6ab4916dad9444c1ca9f8bdb42a97

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
