netsupport | be84be78a5ff8b06efa417f9a69b0eceafbe07bd2e61db88c4bac5757e38b5df | Triage

Sharing

General

Target

16042024_2042_Update_123.0.6312.107.js
Size

16.0MB
Sample

240416-pyb64sae72
MD5

247bb3685fe1544f0f899f8df2db38cd
SHA1

6f6d97f854c901f2d32ad81df6c62ce5e6c4a25a
SHA256

be84be78a5ff8b06efa417f9a69b0eceafbe07bd2e61db88c4bac5757e38b5df
SHA512

98970cc7d0d46d1042bb7b2c3f531954e9140a9ee97fbe987779979b996a1501203c1c8cebec6bf7a5880cd56b8c77330e2ebc1c59b152377e1331b6f239c867
SSDEEP

49152:f7V7zjCxbzqHlp4LhyN0kghDzLZzjYzYsmCW+8z2V35//9SGGqHm3quVIKXgxcEc:O

Score

10^/10

netsupport persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://gitkonus.com/data.php?14743

exe.dropper

https://gitkonus.com/data.php?14743

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://gitkonus.com/data.php?13475

exe.dropper

https://gitkonus.com/data.php?13475

Targets

- Target
  
  16042024_2042_Update_123.0.6312.107.js
- Size
  
  16.0MB
- MD5
  
  247bb3685fe1544f0f899f8df2db38cd
- SHA1
  
  6f6d97f854c901f2d32ad81df6c62ce5e6c4a25a
- SHA256
  
  be84be78a5ff8b06efa417f9a69b0eceafbe07bd2e61db88c4bac5757e38b5df
- SHA512
  
  98970cc7d0d46d1042bb7b2c3f531954e9140a9ee97fbe987779979b996a1501203c1c8cebec6bf7a5880cd56b8c77330e2ebc1c59b152377e1331b6f239c867
- SSDEEP
  
  49152:f7V7zjCxbzqHlp4LhyN0kghDzLZzjYzYsmCW+8z2V35//9SGGqHm3quVIKXgxcEc:O
Score

10^/10

netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportpersistencerat