netsupport | b24d7acdc4b26e5829fdf9be02a8bf4b864c99b420c222f4b8066a54981f53c6 | Triage

Sharing

General

Target

Update 124.0.6367.158.js
Size

13.0MB
Sample

240703-qypymszajb
MD5

b613fd3763e4d2d8a32019015d95a84d
SHA1

201018208e4bf8a2c40b7611ba2042e413d4a7e5
SHA256

b24d7acdc4b26e5829fdf9be02a8bf4b864c99b420c222f4b8066a54981f53c6
SHA512

08e615607fd8722612cac53180c0c2faf231735ff8db9662120e5ef00e343839e2721670ed7f06b7d0e94bd462b4df275a9e1eb6249a898125e9753e5824242b
SSDEEP

49152:CalYOjByIHBJ8V6tlBDBFcLBLtmp3+T2vPHr+Z3jb4JsjcqTbsPF5xhyMA81qIdj:5

Score

10^/10

netsupport execution persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://helpcenter.cyou/help.php?14995

exe.dropper

http://helpcenter.cyou/help.php?14995

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://helpcenter.cyou/help.php?12816

exe.dropper

http://helpcenter.cyou/help.php?12816

Targets

- Target
  
  Update 124.0.6367.158.js
- Size
  
  13.0MB
- MD5
  
  b613fd3763e4d2d8a32019015d95a84d
- SHA1
  
  201018208e4bf8a2c40b7611ba2042e413d4a7e5
- SHA256
  
  b24d7acdc4b26e5829fdf9be02a8bf4b864c99b420c222f4b8066a54981f53c6
- SHA512
  
  08e615607fd8722612cac53180c0c2faf231735ff8db9662120e5ef00e343839e2721670ed7f06b7d0e94bd462b4df275a9e1eb6249a898125e9753e5824242b
- SSDEEP
  
  49152:CalYOjByIHBJ8V6tlBDBFcLBLtmp3+T2vPHr+Z3jb4JsjcqTbsPF5xhyMA81qIdj:5
Score

10^/10

execution netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportexecutionpersistencerat

behavioral3