netsupport | fb3a162f90596dad016f845760a11a15415d09d4b46289eb81f30f550ef83544 | Triage

Sharing

General

Target

Advanced_IP_Scanner_2.5.4594.1.exe
Size

1.5MB
Sample

240611-xjjawaxdlc
MD5

da9584768f8ab97ad015ab14df3428de
SHA1

b8b664bd84744ffe30826d10ad6bb986a4a9418b
SHA256

fb3a162f90596dad016f845760a11a15415d09d4b46289eb81f30f550ef83544
SHA512

2ce68c4a9dc72280cbc8231529d975006a674422e25e51edfec3b156623606596cd959fde2d4bc91bef0251630fbebd604f2587d4f4f8e861776c754b35f4fad
SSDEEP

24576:a9Yu8GgnSR7uT7O8qGVniQjY2nyZlEe+NB4HNoP8Bw/F3cjtBxVTNbpM7Z3af53G:ZGMK7qPVFjY2nyZSNB4t48sUjbpcZ3eG

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  Advanced_IP_Scanner_2.5.4594.1.exe
- Size
  
  1.5MB
- MD5
  
  da9584768f8ab97ad015ab14df3428de
- SHA1
  
  b8b664bd84744ffe30826d10ad6bb986a4a9418b
- SHA256
  
  fb3a162f90596dad016f845760a11a15415d09d4b46289eb81f30f550ef83544
- SHA512
  
  2ce68c4a9dc72280cbc8231529d975006a674422e25e51edfec3b156623606596cd959fde2d4bc91bef0251630fbebd604f2587d4f4f8e861776c754b35f4fad
- SSDEEP
  
  24576:a9Yu8GgnSR7uT7O8qGVniQjY2nyZlEe+NB4HNoP8Bw/F3cjtBxVTNbpM7Z3af53G:ZGMK7qPVFjY2nyZSNB4t48sUjbpcZ3eG
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4