Overview

overview

10

Static

static

3

TRXUniontr...pg.exe

windows10-1703-x64

10

TRXUniontr...pg.exe

windows7-x64

10

TRXUniontr...pg.exe

windows10-2004-x64

10

TRXUniontr...pg.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TRXUniontransfer_dtd_029042024_jpg.exe

  • Size

    2.3MB

  • Sample

    240517-vay9mahb64

  • MD5

    2058a7f8d1883cb12094943f67ecc4d5

  • SHA1

    ea8c15bb13614589fd71b551f9dc1372e3969001

  • SHA256

    2536ed1c773890e946e5dadb6566ccceafae393378261d01ff98107eae5a2206

  • SHA512

    f9c7312c616c82b55ec1f6cc2cb84a56ac1196f14eb97b3c120c98daa311c7d784e8790153149ebcda6bd4a951f7a4a614cd22f775514f1b637df2eb3ebfe12a

  • SSDEEP

    49152:6BCxJceRCf3Utos/LFwz+ZkvLnjQB+mGFqngC86ZJu1eHY:yRsto66+Zkjjqgd6u1eHY

Score
10/10
netsupportrat

Malware Config

Targets

    • Target

      TRXUniontransfer_dtd_029042024_jpg.exe

    • Size

      2.3MB

    • MD5

      2058a7f8d1883cb12094943f67ecc4d5

    • SHA1

      ea8c15bb13614589fd71b551f9dc1372e3969001

    • SHA256

      2536ed1c773890e946e5dadb6566ccceafae393378261d01ff98107eae5a2206

    • SHA512

      f9c7312c616c82b55ec1f6cc2cb84a56ac1196f14eb97b3c120c98daa311c7d784e8790153149ebcda6bd4a951f7a4a614cd22f775514f1b637df2eb3ebfe12a

    • SSDEEP

      49152:6BCxJceRCf3Utos/LFwz+ZkvLnjQB+mGFqngC86ZJu1eHY:yRsto66+Zkjjqgd6u1eHY

    Score
    10/10
    netsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks