netsupport | 9a4e39fcb4033a9c849890085b67faea7265eaf56744e77aa8180b1834b7e14a | Triage

Sharing

General

Target

OwJViJVcVDtGwyBrPZixBrwr.ps1
Size

5KB
Sample

240424-sjdm6scb43
MD5

48ec3b15711ce5f49ee79e8cbf8c0f1f
SHA1

9d263753c22d21681fbde1bda539beee56ded769
SHA256

9a4e39fcb4033a9c849890085b67faea7265eaf56744e77aa8180b1834b7e14a
SHA512

61f7696e8c0dcf59e354fcbbdaa0aa0845a2b2d02d3762a7410a83cb211db87d571dea95308db54aaf060189627dbe4785ee951a28a7ba152e973555424d808e
SSDEEP

96:0NNYJo13C6KjlHHCiGqPaHPgfnRk+qPIKsO1ezfgmwqPoase1ejvysKEO1ezfgmX:8Oo1NKjNwqPaHPgfnR7qPIKsO1dbqPoX

Score

10^/10

netsupport rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.concur.com/

Targets

- Target
  
  OwJViJVcVDtGwyBrPZixBrwr.ps1
- Size
  
  5KB
- MD5
  
  48ec3b15711ce5f49ee79e8cbf8c0f1f
- SHA1
  
  9d263753c22d21681fbde1bda539beee56ded769
- SHA256
  
  9a4e39fcb4033a9c849890085b67faea7265eaf56744e77aa8180b1834b7e14a
- SHA512
  
  61f7696e8c0dcf59e354fcbbdaa0aa0845a2b2d02d3762a7410a83cb211db87d571dea95308db54aaf060189627dbe4785ee951a28a7ba152e973555424d808e
- SSDEEP
  
  96:0NNYJo13C6KjlHHCiGqPaHPgfnRk+qPIKsO1ezfgmwqPoase1ejvysKEO1ezfgmX:8Oo1NKjNwqPaHPgfnR7qPIKsO1dbqPoX
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4