netsupport | 37961d0ca2cdbc6ad9bf89a892d230d5be6273d34accb3dac4251281ea048ed9 | Triage

Sharing

General

Target

Scanned_05_28-2024_402430.html
Size

8KB
Sample

240528-xajv2sgf37
MD5

784b4c79a9c2a62a393bbe72714f2043
SHA1

aef37309eacd572503df355ef75ad42021fcd253
SHA256

37961d0ca2cdbc6ad9bf89a892d230d5be6273d34accb3dac4251281ea048ed9
SHA512

e269f6f767be7453e7b402de620786b6464be65bbfd3f5a8ae2fc4e8c873526bb3c9414b598245a2aae2966fcd6946b5b2f97db11acfc48c8916c370989a1024
SSDEEP

96:MhvvIFO2B40aPMfiWTMFSCH+PGy9MgC3/mGlby3Pnwp0tUNAkacVjS0uT9ji/Di5:MGZEhLqMgEOG4/nw+CWvYAZi/Di5

Score

10^/10

netsupport execution rat

Malware Config

Targets

- Target
  
  Scanned_05_28-2024_402430.html
- Size
  
  8KB
- MD5
  
  784b4c79a9c2a62a393bbe72714f2043
- SHA1
  
  aef37309eacd572503df355ef75ad42021fcd253
- SHA256
  
  37961d0ca2cdbc6ad9bf89a892d230d5be6273d34accb3dac4251281ea048ed9
- SHA512
  
  e269f6f767be7453e7b402de620786b6464be65bbfd3f5a8ae2fc4e8c873526bb3c9414b598245a2aae2966fcd6946b5b2f97db11acfc48c8916c370989a1024
- SSDEEP
  
  96:MhvvIFO2B40aPMfiWTMFSCH+PGy9MgC3/mGlby3Pnwp0tUNAkacVjS0uT9ji/Di5:MGZEhLqMgEOG4/nw+CWvYAZi/Di5
Score

10^/10

netsupport execution rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportexecutionrat