netsupport | 45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7 | Triage

Sharing

General

Target

c82f6b6c65e9617b6af32028c9d9b793
Size

2.2MB
Sample

240314-klrntafb5v
MD5

c82f6b6c65e9617b6af32028c9d9b793
SHA1

4a0d251ed5db7ec8bf4f5334d11d0c35549eb4a9
SHA256

45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7
SHA512

667d8aba53d8e2a06739abdb6a5835e542c0affd4d87bf5e6b6d11ccbbc715aaf84caaee06635e2af78db2db0ce6e58dabacd7fb0943dc257d5b0352da99a525
SSDEEP

49152:reQeN/IirV+a2YCSdZeCP6OYKphcmX90ur7SnkGPgvNLc+:reh/DAa2VcbSOYUqmWurEkGPURc+

Score

10^/10

netsupport persistence rat

Malware Config

Targets

- Target
  
  c82f6b6c65e9617b6af32028c9d9b793
- Size
  
  2.2MB
- MD5
  
  c82f6b6c65e9617b6af32028c9d9b793
- SHA1
  
  4a0d251ed5db7ec8bf4f5334d11d0c35549eb4a9
- SHA256
  
  45ff625f17a1e9ad65dd94c376034148d6d8eee8a41b1209f566a907f5d6d6c7
- SHA512
  
  667d8aba53d8e2a06739abdb6a5835e542c0affd4d87bf5e6b6d11ccbbc715aaf84caaee06635e2af78db2db0ce6e58dabacd7fb0943dc257d5b0352da99a525
- SSDEEP
  
  49152:reQeN/IirV+a2YCSdZeCP6OYKphcmX90ur7SnkGPgvNLc+:reh/DAa2VcbSOYUqmWurEkGPURc+
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Registers new Windows logon scripts automatically executed at logon.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Initialization Scripts

Logon Script (Windows)

Privilege Escalation

Boot or Logon Initialization Scripts

Logon Script (Windows)

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportpersistencerat

behavioral2

netsupportpersistencerat