netsupport | 5a0e7fdd2a5427e48762f03b3eb4efc9698aa21e602e625935fe07a42cfe8271 | Triage

Sharing

General

Target

5a0e7fdd2a5427e48762f03b3eb4efc9698aa21e602e625935fe07a42cfe8271.zip
Size

5.3MB
Sample

240608-bktmcaeh5y
MD5

0aaf1360e370c7b70322fb2c472100a1
SHA1

903a489ad591c1896bc062d7c82366702cec2715
SHA256

5a0e7fdd2a5427e48762f03b3eb4efc9698aa21e602e625935fe07a42cfe8271
SHA512

2dcbdb591b0b6eee5b86d14709024231c2f835bb48fcccbc3e9905d7a192453acb438c38830badcc67e1774e05f5f96e4e8f64c87e2bb13adc0541001da9f994
SSDEEP

98304:3mJtXUVXhuOCFf8w7iGtY7mm6nWVOunDXAJ50qCKEsFdJH/Zf3ci1T:WvUCOM8w7/t0L0WoH0qCK/Fb/tPd

Score

10^/10

netsupport execution persistence rat

Malware Config

Targets

- Target
  
  Update 124.0.6367.158.js
- Size
  
  3.5MB
- MD5
  
  11f2b271d98b6d8e2ad624af3c87a5a9
- SHA1
  
  5540bb84e6a9af516c01ad25eb5e1d9dd42a0e3c
- SHA256
  
  bea62cbac1011a303dae7d43eec61e9b31d80ea4c92cd0fa1d18a9a04e6a2541
- SHA512
  
  d984b0102b64bf3b027d9de54e56c9ee8f0ff87a373b97fd8546d9885f610b98e2a889efa1d994b2f0775d56e12a0912e83a16fd258c2680e8cf27c8a12231e4
- SSDEEP
  
  49152:paZYOjByI+BJ8V6tlBDBFvLBLtmpf+T2vPHr+Z3jb4WsjcqTbsPF5xhyMa81qIdi:Q
Score

10^/10

netsupport execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportexecutionpersistencerat

behavioral2

netsupportexecutionpersistencerat