netsupport | 5dc075fa21c26a577e957f0998567325360feac1724129cc597fa066a7732ae0 | Triage

Sharing

General

Target

5dc075fa21c26a577e957f0998567325360feac1724129cc597fa066a7732ae0.js
Size

58KB
Sample

240305-cs1ajabh3x
MD5

3564cec4227a927c5fbe75f6d7f16593
SHA1

d5d17ca63dae059091907d1d32b30bae5b66bd47
SHA256

5dc075fa21c26a577e957f0998567325360feac1724129cc597fa066a7732ae0
SHA512

f9cacdc4393e4d1f2fba97c2b35fb22ea7b428d603d9f1ba696ff0aee8fda0241ef3141bb4c7083d4e4d1f33e91fa9d682341fa01dbae886a76aef28993dcde3
SSDEEP

1536:DRqUVuL8zDZOcbTnzNIol0vcasq4BdhUGEYU:lqUV88XZOcbTnzNrlIcDq4BdOr

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://compactgrill.hu/care.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

- Target
  
  5dc075fa21c26a577e957f0998567325360feac1724129cc597fa066a7732ae0.js
- Size
  
  58KB
- MD5
  
  3564cec4227a927c5fbe75f6d7f16593
- SHA1
  
  d5d17ca63dae059091907d1d32b30bae5b66bd47
- SHA256
  
  5dc075fa21c26a577e957f0998567325360feac1724129cc597fa066a7732ae0
- SHA512
  
  f9cacdc4393e4d1f2fba97c2b35fb22ea7b428d603d9f1ba696ff0aee8fda0241ef3141bb4c7083d4e4d1f33e91fa9d682341fa01dbae886a76aef28993dcde3
- SSDEEP
  
  1536:DRqUVuL8zDZOcbTnzNIol0vcasq4BdhUGEYU:lqUV88XZOcbTnzNrlIcDq4BdOr
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat