netsupport | 791361fad354fd2ea35a631c67d028a739a98d73bf0f8585ca33f69d13171ef8 | Triage

Sharing

General

Target

791361fad354fd2ea35a631c67d028a739a98d73bf0f8585ca33f69d13171ef8.js
Size

69KB
Sample

240305-cx8gpsca8s
MD5

02fad7e945ec4dd02b9dc733878472ed
SHA1

86bcc20004e3a18deb1fe49b638e232b47cf9569
SHA256

791361fad354fd2ea35a631c67d028a739a98d73bf0f8585ca33f69d13171ef8
SHA512

007d6e84608d00c9f5d899b6aa60b46a262d5d2034c18821a0cb466445f71a1dc31272753ef142713d3b6f87764dca51881af1b4e0a1b078a3073acb273cecc7
SSDEEP

1536:Kb8paJJQ9Lzgmpz22FR3t/KI3tDo3R6J8CIDDcQfCzk:FpaJJQlsmpz22/JTyVCIDDcGCg

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://compactgrill.hu/care.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

- Target
  
  791361fad354fd2ea35a631c67d028a739a98d73bf0f8585ca33f69d13171ef8.js
- Size
  
  69KB
- MD5
  
  02fad7e945ec4dd02b9dc733878472ed
- SHA1
  
  86bcc20004e3a18deb1fe49b638e232b47cf9569
- SHA256
  
  791361fad354fd2ea35a631c67d028a739a98d73bf0f8585ca33f69d13171ef8
- SHA512
  
  007d6e84608d00c9f5d899b6aa60b46a262d5d2034c18821a0cb466445f71a1dc31272753ef142713d3b6f87764dca51881af1b4e0a1b078a3073acb273cecc7
- SSDEEP
  
  1536:Kb8paJJQ9Lzgmpz22FR3t/KI3tDo3R6J8CIDDcQfCzk:FpaJJQlsmpz22/JTyVCIDDcGCg
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat