netsupport | 2c826b925a2022a468993a81d886a77416d28d23e6a95594bc40a77eb0a6dee4 | Triage

Sharing

General

Target

2c826b925a2022a468993a81d886a77416d28d23e6a95594bc40a77eb0a6dee4.js
Size

70KB
Sample

240305-clfybabf3y
MD5

2ba39ca046b6bd5c00fd7cebf65a570e
SHA1

2289c6fdc405d02fe1920b007c91d768ab8f860e
SHA256

2c826b925a2022a468993a81d886a77416d28d23e6a95594bc40a77eb0a6dee4
SHA512

9047f03f2681862f5cb3619f1aba44b5737cde5468063c0e308e3b1424031f553b02b78246403351690ef0ee691c22c0f7ba7158bb1caa751cbf13e29e04582f
SSDEEP

1536:ouiqYtAEYWeo5gNZffL2oloWyYfyO7jK/p+a45SIlSHWlo4:ouBYtAEYE52lfL2pWyzO7jK/p+a458HI

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://compactgrill.hu/care.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

- Target
  
  2c826b925a2022a468993a81d886a77416d28d23e6a95594bc40a77eb0a6dee4.js
- Size
  
  70KB
- MD5
  
  2ba39ca046b6bd5c00fd7cebf65a570e
- SHA1
  
  2289c6fdc405d02fe1920b007c91d768ab8f860e
- SHA256
  
  2c826b925a2022a468993a81d886a77416d28d23e6a95594bc40a77eb0a6dee4
- SHA512
  
  9047f03f2681862f5cb3619f1aba44b5737cde5468063c0e308e3b1424031f553b02b78246403351690ef0ee691c22c0f7ba7158bb1caa751cbf13e29e04582f
- SSDEEP
  
  1536:ouiqYtAEYWeo5gNZffL2oloWyYfyO7jK/p+a45SIlSHWlo4:ouBYtAEYE52lfL2pWyzO7jK/p+a458HI
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat