netsupport | 980fcb6365092cd752934417abb0f2a95bca452c58856240157107e70c1d754d | Triage

Sharing

General

Target

980fcb6365092cd752934417abb0f2a95bca452c58856240157107e70c1d754d.exe
Size

2.1MB
Sample

240414-byp63scg78
MD5

77970896073bbafdc8c1811414c62536
SHA1

c2d2fdbc9e80daa95e3046e2d3bd13e7ca312e18
SHA256

980fcb6365092cd752934417abb0f2a95bca452c58856240157107e70c1d754d
SHA512

5fc31572ad864ca15cd2eb7e8baadc62b72a72ad5d28da4ae04158f67b6cbfd1985983586fd6e51a4781bdffbdd557b30d44d38a3a37ae88cf785c834d739a30
SSDEEP

49152:/Xe2JFJ0l5VO6T9xX2AdPj15GZ0yB/dqyvVamJW:/Xe2JFJ0liu3GAdPj15GZft6

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  980fcb6365092cd752934417abb0f2a95bca452c58856240157107e70c1d754d.exe
- Size
  
  2.1MB
- MD5
  
  77970896073bbafdc8c1811414c62536
- SHA1
  
  c2d2fdbc9e80daa95e3046e2d3bd13e7ca312e18
- SHA256
  
  980fcb6365092cd752934417abb0f2a95bca452c58856240157107e70c1d754d
- SHA512
  
  5fc31572ad864ca15cd2eb7e8baadc62b72a72ad5d28da4ae04158f67b6cbfd1985983586fd6e51a4781bdffbdd557b30d44d38a3a37ae88cf785c834d739a30
- SSDEEP
  
  49152:/Xe2JFJ0l5VO6T9xX2AdPj15GZ0yB/dqyvVamJW:/Xe2JFJ0liu3GAdPj15GZft6
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2