netsupport | 97a3712157c148aa25bc17605536fcf8dabaf209b2b0db0e88f33c47286b717a | Triage

Sharing

General

Target

BPI_ACCNT_4739154978_pdf.exe
Size

2.5MB
Sample

240618-vf5nlawenp
MD5

5b9c84e8c3b35c1ca7764a5d0aa97063
SHA1

1ec481eed3557fdd2844a0bbf3a74958bac4c804
SHA256

97a3712157c148aa25bc17605536fcf8dabaf209b2b0db0e88f33c47286b717a
SHA512

fd72b401f4a53d3776910b51d42ec694c37dc7efe6db83d77953f5679efa0847a119374476b1ebea0e531d567ba2b1df9f8697c7acac6713edb3e2078bdb26d3
SSDEEP

49152:HBasRNvvHIr4+fZ6uXLR7ph5/2U6WAeFLO65nG5Oqh2rrPVpHXc:hasbgrxx6uRFh5/2aO65nGkqWppHM

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  BPI_ACCNT_4739154978_pdf.exe
- Size
  
  2.5MB
- MD5
  
  5b9c84e8c3b35c1ca7764a5d0aa97063
- SHA1
  
  1ec481eed3557fdd2844a0bbf3a74958bac4c804
- SHA256
  
  97a3712157c148aa25bc17605536fcf8dabaf209b2b0db0e88f33c47286b717a
- SHA512
  
  fd72b401f4a53d3776910b51d42ec694c37dc7efe6db83d77953f5679efa0847a119374476b1ebea0e531d567ba2b1df9f8697c7acac6713edb3e2078bdb26d3
- SSDEEP
  
  49152:HBasRNvvHIr4+fZ6uXLR7ph5/2U6WAeFLO65nG5Oqh2rrPVpHXc:hasbgrxx6uRFh5/2aO65nGkqWppHM
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3