netsupport | 90e33c8f2a91e71f3882d4170da5daa0d24918d3b37739c4d556bb92ac2693b0 | Triage

Sharing

General

Target

90e33c8f2a91e71f3882d4170da5daa0d24918d3b37739c4d556bb92ac2693b0.exe
Size

2.1MB
Sample

240223-fzhwlscc82
MD5

6159ee59aeaafe9dbfd8ba7863a79a47
SHA1

6c2c30b18eb90a7d3006e7144269740d6c39994d
SHA256

90e33c8f2a91e71f3882d4170da5daa0d24918d3b37739c4d556bb92ac2693b0
SHA512

0af746fdd719756d0f91356eef6ea92412d34d705f3f21d46b2d2d283f548558ae8f3d990dd1fd1ea52573f110e94433d15941cdd9ff6abc602139164dc6a46b
SSDEEP

49152:zBN1Wku+0l5qO6T9xI2AdPj15GZ0yB/dqyvV4mJ8:lN1Wku+0lju3PAdPj15GZftu

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  90e33c8f2a91e71f3882d4170da5daa0d24918d3b37739c4d556bb92ac2693b0.exe
- Size
  
  2.1MB
- MD5
  
  6159ee59aeaafe9dbfd8ba7863a79a47
- SHA1
  
  6c2c30b18eb90a7d3006e7144269740d6c39994d
- SHA256
  
  90e33c8f2a91e71f3882d4170da5daa0d24918d3b37739c4d556bb92ac2693b0
- SHA512
  
  0af746fdd719756d0f91356eef6ea92412d34d705f3f21d46b2d2d283f548558ae8f3d990dd1fd1ea52573f110e94433d15941cdd9ff6abc602139164dc6a46b
- SSDEEP
  
  49152:zBN1Wku+0l5qO6T9xI2AdPj15GZ0yB/dqyvV4mJ8:lN1Wku+0lju3PAdPj15GZftu
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2