netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

311d327646d96a942f18a7fe4a09dc0a0c6a4f0cfd1e2842400bac80d0cdadec.zip
Size

3.0MB
Sample

240620-2tgbgs1eqe
MD5

eb323c80948eb53262ed96dcda08b63e
SHA1

d8c351574e7307e8aba68f5c4145ea40ddb22207
SHA256

30fe7a7d5ac9b610d4a837bb343ebe3f1be7a6019c0ca439ef1b895cabd7e5a8
SHA512

f627b4cb55ed55a0ec638f01778f381982c24d558c15df437b7aa5fbe5f4b0ea86a64596ab01f8e132ad36a87c586d45fd4bd888b768c83a4e955510cfe9fd01
SSDEEP

98304:bXbqKwjoSOdUTGo5A5NaQgdnqQfDUGRp7YwTW14vA3:bLqSSOdTo25NaQgVqQfrswTW6s

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  311d327646d96a942f18a7fe4a09dc0a0c6a4f0cfd1e2842400bac80d0cdadec.zip
- Size
  
  3.0MB
- MD5
  
  93a5321c3d18523c4bc4465a2f4bd417
- SHA1
  
  2010b41e47a7bc1d0732efc073876d8e99126f88
- SHA256
  
  311d327646d96a942f18a7fe4a09dc0a0c6a4f0cfd1e2842400bac80d0cdadec
- SHA512
  
  1d18ab2039c24d2d4edf0c0d056d254cec4d128563e91ea87a34055c1f63cd520f4435da5faf3bd28d6f5d21dbd4a69c50db448c7cd2bf232ceca3714422d1be
- SSDEEP
  
  98304:E1JFXa/hRFY89YYc9jh23redpmQRbU6nJsjfH:UJSxYoY59V0redpmQRbdnJGH
Score

1^/10
behavioral1
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  c94005d2dcd2a54e40510344e0bb9435
- SHA1
  
  55b4a1620c5d0113811242c20bd9870a1e31d542
- SHA256
  
  3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899
- SHA512
  
  2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a
- SSDEEP
  
  6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
Score

3^/10
behavioral2
- Target
  
  NSM.LIC
- Size
  
  195B
- MD5
  
  e9609072de9c29dc1963be208948ba44
- SHA1
  
  03bbe27d0d1ba651ff43363587d3d6d2e170060f
- SHA256
  
  dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747
- SHA512
  
  f0e26aa63b0c7f1b31074b9d6eef88d0cfbc467f86b12205cb539a45b0352e77ce2f99f29baeab58960a197714e72289744143ba17975699d058fe75d978dfd0
Score

3^/10
behavioral3
- Target
  
  NSM.ini
- Size
  
  6KB
- MD5
  
  88b1dab8f4fd1ae879685995c90bd902
- SHA1
  
  3d23fb4036dc17fa4bee27e3e2a56ff49beed59d
- SHA256
  
  60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92
- SHA512
  
  4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047
- SSDEEP
  
  96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
Score

1^/10
behavioral4
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  104b30fef04433a2d2fd1d5f99f179fe
- SHA1
  
  ecb08e224a2f2772d1e53675bedc4b2c50485a41
- SHA256
  
  956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd
- SHA512
  
  5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f
- SSDEEP
  
  192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
Score

1^/10
behavioral5
- Target
  
  PCICL32.DLL
- Size
  
  3.6MB
- MD5
  
  d3d39180e85700f72aaae25e40c125ff
- SHA1
  
  f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15
- SHA256
  
  38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5
- SHA512
  
  471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f
- SSDEEP
  
  49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
Score

1^/10
behavioral6
- Target
  
  TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  2c88d947a5794cf995d2f465f1cb9d10
- SHA1
  
  c0ff9ea43771d712fe1878dbb6b9d7a201759389
- SHA256
  
  2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e
- SHA512
  
  e55679ff66ded375a422a35d0f92b3ac825674894ae210dbef3642e4fc232c73114077e84eae45c6e99a60ef4811f4a900b680c3bf69214959fa152a3dfbe542
- SSDEEP
  
  12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
Score

1^/10
behavioral7
- Target
  
  client32.exe
- Size
  
  101KB
- MD5
  
  c4f1b50e3111d29774f7525039ff7086
- SHA1
  
  57539c95cba0986ec8df0fcdea433e7c71b724c6
- SHA256
  
  18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
- SHA512
  
  005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5
- SSDEEP
  
  768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral8
- Target
  
  client32.ini
- Size
  
  671B
- MD5
  
  c94845bb509056e66ee5767759c9e5bd
- SHA1
  
  c1b6e003cf0ab1f236375faebe8707d519fd8a3d
- SHA256
  
  b2caadb660455f1aaf3737b93879e35d05602be1fdf2531602fd61e006e8c80a
- SHA512
  
  6c3750804763221bc72031c051eb9ae67874ffae7795f96435ef577ff3f7e84f5a42c9715ebbde53b1bd9e9ad5b7e59a691ab36df2267a5a5fc2c84f032d1e86
Score

1^/10
behavioral9
- Target
  
  install/24.4.4.1168.manifest
- Size
  
  223B
- MD5
  
  2bc6a1bed7998c7257d29529a30abef8
- SHA1
  
  d2d61a45e9283f2fd6f491d06f683f391af4319b
- SHA256
  
  570e26e2e0c74a1550af9d91b0ab11c2ac65eef172c9ae62626a6b7a20f6ce99
- SHA512
  
  caf0c628974b5caf2b3f819ff741bfd9b13d16049106f90c3f4e2d701c1816a4b5b456b9d596656e09c95d276dcc117719109e0aded1e23b214e25954d7a8b45
Score

3^/10
behavioral10
- Target
  
  install/brand_config
- Size
  
  8KB
- MD5
  
  71a26ab12ce31092acc888291cfa1a12
- SHA1
  
  0a9d81905cabd0dd0cb9bbd64fa4c07b30dc2f1e
- SHA256
  
  73f84c4a68861ab073639275ff5b8378d2da04267c266677f73091da7e8d3e1c
- SHA512
  
  bf995e8ed7c23b588108921b614a03931c1eaf0773599d0c14a78b2285710a121f391def9fcf61ce24d61db37f0f8518f4713fbb7ba6af25c09cafad1596483b
- SSDEEP
  
  96:Qr63FEiE1M8Tt4yhcSqfHSw9UjtSNQnvuniIBdorZnlTzs1U4f1aaL3Jluzs1U4N:QWVEiE1Jt9hyLNQSkT/yu/55h4Ra2Gy
Score

1^/10
behavioral11
- Target
  
  install/browser.VisualElementsManifest.xml
- Size
  
  585B
- MD5
  
  452f6c49c49e0dfd6f2889051be44cad
- SHA1
  
  bf7ef560ec8b9bccacd9abf1d738d8c932c0385b
- SHA256
  
  1f5796532069af1a770b29646a067d4bdfbdd297094fff815bbbbec7565cb937
- SHA512
  
  45741a8b7a0ef0c6df67f1e3a2647936e5b2c40dc6330b2f6a442a9191f2fbee28cf43dff7ccfcf58ff50b8134fe1867fc361bdb7db2ffc94d183e89067ea504
Score

1^/10
behavioral12
- Target
  
  install/clidmgr.exe
- Size
  
  147KB
- MD5
  
  86b97526f262ecf87ed7ecd6c7eb4218
- SHA1
  
  d009c56e5fdadb73975c253a14616098dc8d243d
- SHA256
  
  33919f6b6975431c22a06c41c32e5f7092860958c68e453eaff9781bb6ab274a
- SHA512
  
  dcfa8730ff4da19ecdf72507f36fac86f47c6133a13499605de9a70e8533da1984ff7f5800dc9a597c27b4649f237203f5400e344e22d3b3eb98e2d63f34f20f
- SSDEEP
  
  3072:oxDcaUS2mMpRUISOKJQSYyQhmlrPueM9U0:mgrSC0DOSYFAu7
Score

1^/10
behavioral13
- Target
  
  install/install_state.json
- Size
  
  1KB
- MD5
  
  ee98e8f0fc597e544430d6a60b74a23d
- SHA1
  
  6f40ecdc3157c76a6559b313c5218713a8d09035
- SHA256
  
  9fc2b15d6983aa169846d72dcceea59824cba852fd9e295dd8fcadf0e9eb2292
- SHA512
  
  0408a460be8997b12e9805fefbdccef78259f5d12b49950ce811b4999de46be86286195561e28f4deefa0705cad0fab3d82b0f40e8562335e8aff39516537438
Score

3^/10
behavioral14
- Target
  
  install/manifest.json
- Size
  
  170B
- MD5
  
  cba80ee11de525535bf2068ac23107b0
- SHA1
  
  479c817e5b4ae2e49e1e950359f072dd8a8d227f
- SHA256
  
  333654272a482dc66a15d07c778cdfed72e74f6fa50342f00995e26f5dc7678f
- SHA512
  
  5acdfd8874e3506c65446f5b5022879b74d5faa4d05af36c9835a35e542bab21d81af0f334403f9f3597b12c20c52e2de9377ed7b22466dea3d7ece47810d5f8
Score

3^/10
behavioral15
- Target
  
  install/partner-package.cab
- Size
  
  807KB
- MD5
  
  d1d2230d7ba1836ebf23f9c3ac440517
- SHA1
  
  d4c9bfa910b9464659136450f83552e60dc47e7c
- SHA256
  
  b132f4785853d215924baaf67b534b288144dc1fd058241301a599c07537cd40
- SHA512
  
  ad299fc1a3e41a73bde7f771dc98e0a8eedcc957b58927ba65fd76b777dba59265bd24a50a7bdc3c1ca88f374afd3cdf49d32f44c9f301390771c4d7a881c4bf
- SSDEEP
  
  24576:r3O5CbVjuxZ0x+AJojz+GUAc7mTcmJF6Ov5BUjiQ06P:rGuUix+AJojzpUAcChJEOv5UiC
Score

1^/10
behavioral16
- Target
  
  partner_config
- Size
  
  341B
- MD5
  
  977bc7b2384ef1b3e78df8fbc3eeb16b
- SHA1
  
  7ee6110ca253005d738929b7ba0cc54ed2ed0a2e
- SHA256
  
  82e288090168abe15419015317fd38f56c1136e7481f66656d84e0a2d861d4d6
- SHA512
  
  4d154832ef3ac05abb1499a5bc8235d72f64cdaa3e6870206a6363c1d85d821604ae8a96850c2c8bd540d479b8dd5f3ce032472ed96bbf7eddb168ea3d2d1cf6
Score

1^/10
behavioral17
- Target
  
  resources/configs/all_zip
- Size
  
  606KB
- MD5
  
  6d4ae04da5fa47ce707f3c60d7b8ded5
- SHA1
  
  a8790bf67c4915abe83bfb95becba3460be6f86a
- SHA256
  
  c02f8cb15ee9645a69d23a3232fb78e02ff25e29ecb0d1044e2a7e8afb3018c2
- SHA512
  
  63c54cf11dd7e7bef34888a3d2fd2fb7f201493f3295b3dccc5ad01c3e5c079aab4f1489c3c2446dc0a09c73c3c8aa9016b43bd4a56f50a5e9d82ee7bb4b27e5
- SSDEEP
  
  12288:FlsgNS3lzxey+GgU3qorkuZdWDYADFTFHqAZsvuoETsP:/sgk3f+GgUrXdWtFFqvuNTsP
Score

1^/10
behavioral18
- Target
  
  resources/tablo
- Size
  
  618KB
- MD5
  
  bb60da7176a0286e561af09fa0512635
- SHA1
  
  54f8a5d7042b2350848a31bc7f7179d1deb66b6c
- SHA256
  
  f330378a339e5fe51e54af531b8a53b01c47b4448196c85a166034e44ead625f
- SHA512
  
  ba51700283f6f50de6da0c1585cca1558600e7cc0eb11ce6ee7a21aab7f1c088f7f589dbdeda5e477548c10b86fcdb821d307f3c8bf512f962eecd6ac0436211
- SSDEEP
  
  6144:kTMa7gcL0lYz4De/OxvNSIyDu6NRm85bU9uyd1ZjZuZEP0iycyryHYzFE3yUdK:kTMa7gIOxvNs6gI4tyd7VkEP0zNes
Score

1^/10
behavioral19
- Target
  
  install/preloaded_data.pb
- Size
  
  8KB
- MD5
  
  649c99af46addf93fdd5a214fb56e738
- SHA1
  
  322376c0cebf89d49f86337d6832441befd7c76f
- SHA256
  
  c352da21a972a669694c7178deadc41c9be440bd92bdac827fe96b79caac007e
- SHA512
  
  01fae333dd9480c6e638b151f84afa6a6d3c0f2e9ae0af1dc9c54795ecaa6bfb348ca80f792c0bbb9527a3b1d7b5a701ab637b12a61279e6764173b9c8ff8247
- SSDEEP
  
  192:sinu4QlEV/xIZKJmj99zRbxJKsO01dKxFJ:sinu4Qlm5ICmj99zRbxEvJxFJ
Score

3^/10
behavioral20
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral21
- Target
  
  nskbfltr.inf
- Size
  
  328B
- MD5
  
  26e28c01461f7e65c402bdf09923d435
- SHA1
  
  1d9b5cfcc30436112a7e31d5e4624f52e845c573
- SHA256
  
  d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368
- SHA512
  
  c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7
Score

1^/10
behavioral22
- Target
  
  nsm_vpro.ini
- Size
  
  46B
- MD5
  
  3be27483fdcdbf9ebae93234785235e3
- SHA1
  
  360b61fe19cdc1afb2b34d8c25d8b88a4c843a82
- SHA256
  
  4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b
- SHA512
  
  edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5
Score

1^/10
behavioral23
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  34dfb87e4200d852d1fb45dc48f93cfc
- SHA1
  
  35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641
- SHA256
  
  2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703
- SHA512
  
  f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2
- SSDEEP
  
  768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
Score

1^/10
behavioral24
- Target
  
  remcmdstub.exe
- Size
  
  62KB
- MD5
  
  6fca49b85aa38ee016e39e14b9f9d6d9
- SHA1
  
  b0d689c70e91d5600ccc2a4e533ff89bf4ca388b
- SHA256
  
  fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814
- SHA512
  
  f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622
- SSDEEP
  
  1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25