netsupport | 2938261c867331e12e7cff9ee28366f3986986108eeb00507db74cf0d7b6aad2 | Triage

Sharing

General

Target

XCIlhzFXdplpXdhQXCyywBkGlU.ps1
Size

5KB
Sample

240429-radfdacf6x
MD5

363cd210251ca4b6c5835aa6ddf0e552
SHA1

0de0a05c51fc9c6bdcacccf0cd621ec925534ba5
SHA256

2938261c867331e12e7cff9ee28366f3986986108eeb00507db74cf0d7b6aad2
SHA512

55e24aebd8bc9e712dd6da5669a0a091842b5512504b4fe494e43a225ea1a0d60adc4d950f3b5f8fe0ba58a2f06a3d77c5cf76059dd8fccd0c644ccd2aef001e
SSDEEP

96:7oihiyvIeOVMbPYpuXq94KVP5/BtTUol7P5PxtTRyjXBtTUol7P5PxtTRyruV2oL:7o4iyvZOVaPYpu6940P5/BtDl7P5Pxtu

Score

10^/10

netsupport rat

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn35.space/files/document.pdf

Targets

- Target
  
  XCIlhzFXdplpXdhQXCyywBkGlU.ps1
- Size
  
  5KB
- MD5
  
  363cd210251ca4b6c5835aa6ddf0e552
- SHA1
  
  0de0a05c51fc9c6bdcacccf0cd621ec925534ba5
- SHA256
  
  2938261c867331e12e7cff9ee28366f3986986108eeb00507db74cf0d7b6aad2
- SHA512
  
  55e24aebd8bc9e712dd6da5669a0a091842b5512504b4fe494e43a225ea1a0d60adc4d950f3b5f8fe0ba58a2f06a3d77c5cf76059dd8fccd0c644ccd2aef001e
- SSDEEP
  
  96:7oihiyvIeOVMbPYpuXq94KVP5/BtTUol7P5PxtTRyjXBtTUol7P5PxtTRyruV2oL:7o4iyvZOVaPYpu6940P5/BtDl7P5Pxtu
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2