netsupport | ba325f828378c1733044f3022d73d770e2a8e81aeb01605b13866de7e722075d | Triage

Sharing

General

Target

06032024_2056_06032024_IN_20552055 CP_20552055 D2055.zip
Size

9KB
Sample

240306-p6t2wsbc4y
MD5

5db5f74b1c5573f17fe17e3f9e264d3a
SHA1

38906107bacc909d692507b4d2a52d585560d994
SHA256

ba325f828378c1733044f3022d73d770e2a8e81aeb01605b13866de7e722075d
SHA512

e8d9b9e81c27767e121ed9c97088bf39e6648447c16c337beaada93ac4a2a17201500f72d477d3a06bc80a2594fdd49d9356d85ebd606f8b2b4ba169bd00b154
SSDEEP

192:EpSjdbWrywzCSzFqa6x32YsCKMx/IIbpXGzQ+TMnrwFV42kW8iXr:QSjdbWrycDI2VMxQK5AQZkFVh

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://cprismenergia.pt/open.txt

Targets

- Target
  
  IN_20552055 CP_20552055 D2055.lnk
- Size
  
  10KB
- MD5
  
  93562b0626c4db0640dff594fdc44efc
- SHA1
  
  33d9effa67cae9726124a3432e6913c324b8b716
- SHA256
  
  a1739e001e0720341f14466231a21bd12a74485dab59b0f4fde7f931467cb4b2
- SHA512
  
  edf748587ae68606935b495db2c78f9fe4e3198e69bcc7052fca66a14ff148f3aad5530688a715f4c9881783065b81951ccf4201e1f258f8f805eb6eee1e4c98
- SSDEEP
  
  192:815xsY5jfxXWCBdMNi8L2+6gJuOLdFbi6ppeaHRz2ywmc2sm9Wt:w5Tfxb2ioggJuAr1waHRz2nrgo
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat