General
-
Target
1414b254f44bba8e17b01983dc22adde.bin
-
Size
35.1MB
-
Sample
240203-bdwhcsffeq
-
MD5
acd5a939c1f76ab906dd816bf3359ced
-
SHA1
6684d6574e2e02e9f85a871e8371bd1bf4b6bbaf
-
SHA256
e180a6af920dd1910d277e1d969d0d3367d221ee7dd84331b2f98b98be3b853b
-
SHA512
46c1ae3cafa20eb0c140388cabbaab2309a1b47bd119b44a17dc382f0ea067e95d33bb81289d4a2cef983c056fb3fc3430517de7d9906e17d4660c6ec2e38c2b
-
SSDEEP
786432:+ci8iSfDbgEgDZeMXMxuHrY/sEltzJ31lqrpBXzn:68TfDbgNdP3LM/J310rpBXzn
Static task
static1
Behavioral task
behavioral1
Sample
474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045.msi
-
Size
35.2MB
-
MD5
1414b254f44bba8e17b01983dc22adde
-
SHA1
a12059b028647968a03d9483815dc5c13bb4b841
-
SHA256
474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045
-
SHA512
1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899
-
SSDEEP
786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91
Score 10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Modifies Windows Firewall
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Defense Evasion
Impair Defenses (1)
Disable or Modify System Firewall (1)
Modify Registry (1)