netsupport | fc5729e8e94fe732deb97c9d55f32e99846d7071fb7ba82c6d318cd6482d75bf | Triage

Sharing

General

Target

fc5729e8e94fe732deb97c9d55f32e99846d7071fb7ba82c6d318cd6482d75bf.js
Size

69KB
Sample

240305-dfrcjadf77
MD5

c218a5c6e3a7cdac40feaae488871aec
SHA1

e1be3f6a295ca637e7904680f048888616fc6616
SHA256

fc5729e8e94fe732deb97c9d55f32e99846d7071fb7ba82c6d318cd6482d75bf
SHA512

53a004dff7955506e0222dfb5c740d1eefccea83ebfa1ef05d3883e6d686a5831bdb24e754bebab03042c1971a436cf02a96367a7c5b9a67b56af5813399aed2
SSDEEP

1536:ENM8fw49XEYpefiNx7amLDBsUoKQ++xqp2fCeyeU/91yMvWbkSGA9rN1b+1bm:EBR9UHuD3d+Ip2fC9/9wkWbkSGA9R1b1

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://compactgrill.hu/care.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

- Target
  
  fc5729e8e94fe732deb97c9d55f32e99846d7071fb7ba82c6d318cd6482d75bf.js
- Size
  
  69KB
- MD5
  
  c218a5c6e3a7cdac40feaae488871aec
- SHA1
  
  e1be3f6a295ca637e7904680f048888616fc6616
- SHA256
  
  fc5729e8e94fe732deb97c9d55f32e99846d7071fb7ba82c6d318cd6482d75bf
- SHA512
  
  53a004dff7955506e0222dfb5c740d1eefccea83ebfa1ef05d3883e6d686a5831bdb24e754bebab03042c1971a436cf02a96367a7c5b9a67b56af5813399aed2
- SSDEEP
  
  1536:ENM8fw49XEYpefiNx7amLDBsUoKQ++xqp2fCeyeU/91yMvWbkSGA9rN1b+1bm:EBR9UHuD3d+Ip2fC9/9wkWbkSGA9R1b1
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat