netsupport | a39de8933347e938b54c91d53e1e8b12e26a5d26e4afa29a8ce797363642fc87 | Triage

Sharing

General

Target

a39de8933347e938b54c91d53e1e8b12e26a5d26e4afa29a8ce797363642fc87.js
Size

70KB
Sample

240305-c39xqacc6v
MD5

86a544b80751c23778041d0f2491dce3
SHA1

bf1c959a0bf0dcc1452a93977305d124ae6f9154
SHA256

a39de8933347e938b54c91d53e1e8b12e26a5d26e4afa29a8ce797363642fc87
SHA512

8dbc58a6aba12a5988adf8bcdff1f5a45d26057fc81366bf7bc380c5c728e992c5a1a5cf08f370003f894f09a183bcf7aec75d94fb9235ba4d12f75d5de35262
SSDEEP

1536:LHs3dKKIBrOVux3DFypWgfwKLQP0wgqgFEk4xrEBfTkA5SMG9B2Vn5M0UuQwbuI8:wNKKIBrOVux3DFypWgfwoQP0wgqgFEkW

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://compactgrill.hu/care.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

- Target
  
  a39de8933347e938b54c91d53e1e8b12e26a5d26e4afa29a8ce797363642fc87.js
- Size
  
  70KB
- MD5
  
  86a544b80751c23778041d0f2491dce3
- SHA1
  
  bf1c959a0bf0dcc1452a93977305d124ae6f9154
- SHA256
  
  a39de8933347e938b54c91d53e1e8b12e26a5d26e4afa29a8ce797363642fc87
- SHA512
  
  8dbc58a6aba12a5988adf8bcdff1f5a45d26057fc81366bf7bc380c5c728e992c5a1a5cf08f370003f894f09a183bcf7aec75d94fb9235ba4d12f75d5de35262
- SSDEEP
  
  1536:LHs3dKKIBrOVux3DFypWgfwKLQP0wgqgFEk4xrEBfTkA5SMG9B2Vn5M0UuQwbuI8:wNKKIBrOVux3DFypWgfwoQP0wgqgFEkW
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat