General

  • Target

    WqZxLxZrOrnMWYaBaBKdLenVTu.ps1

  • Size

    5KB

  • Sample

    240429-sp819sdg74

  • MD5

    9e627a249d5f4f80c19ff51169a7db10

  • SHA1

    2f8ee955a8765d25170ef3a0c36356d0dbe42c85

  • SHA256

    f491d8b510ee283d24d40aa5233743d8cf834a164d0f681af8870dd1f35b734c

  • SHA512

    02dd75ce82af639aff79e29fe7f3581b668a337eadea9bf2f00a35740c23d1e509a714ab5e1ddcfbe8598022ed69eac56db181cfd5bcb555fb08253b4159305f

  • SSDEEP

    96:nGzO1DZtqKMPfas4g54jP5fPceEn6dYPJ/P8eEHPyUXPceEn6dYPJ/P8eEHPyb:nT1DDGPfBXOjP5fkpnxPJ/EpHPyUXkpB

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://www.wsj.com/

Targets

    • Target

      WqZxLxZrOrnMWYaBaBKdLenVTu.ps1

    Score
    10/10
    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL
