netsupport | 08d4a681aadff5681947514509c1f2af10ff8161950df2ae7f8ee214213edc17 | Triage

Sharing

General

Target

update_17_06_2024_5767063.msix
Size

5.7MB
Sample

240623-yl3yqstdln
MD5

8ccf6e48807afdf1ae0304fddaa232c8
SHA1

8f9f24a7856de7845f8bd3a389182fd3847f1298
SHA256

08d4a681aadff5681947514509c1f2af10ff8161950df2ae7f8ee214213edc17
SHA512

b416abb388f20242de28e152c27c709bc64e1c81b781e8dc3159c75006249131461048a6cb6c22e8fb7b604927180445db7b07a3bfc2ff9a50ec1fa017c2d7e3
SSDEEP

98304:1prM2Fn76yeCJMAeAbIqwRhDKb9h6R4I7Ow6EQJ2wfWpQ8kjHcgWLSzYr0:7PF+yeCiANILRhDKBhEJ7RRQJ2wfKsHl

Score

10^/10

netsupport execution rat

Malware Config

Targets

- Target
  
  update_17_06_2024_5767063.msix
- Size
  
  5.7MB
- MD5
  
  8ccf6e48807afdf1ae0304fddaa232c8
- SHA1
  
  8f9f24a7856de7845f8bd3a389182fd3847f1298
- SHA256
  
  08d4a681aadff5681947514509c1f2af10ff8161950df2ae7f8ee214213edc17
- SHA512
  
  b416abb388f20242de28e152c27c709bc64e1c81b781e8dc3159c75006249131461048a6cb6c22e8fb7b604927180445db7b07a3bfc2ff9a50ec1fa017c2d7e3
- SSDEEP
  
  98304:1prM2Fn76yeCJMAeAbIqwRhDKb9h6R4I7Ow6EQJ2wfWpQ8kjHcgWLSzYr0:7PF+yeCiANILRhDKBhEJ7RRQJ2wfKsHl
Score

10^/10

netsupport execution rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportexecutionrat

behavioral3