netsupport | ff7d125fd5fb64e819326a56bbf2058421bcf664afa4a35a9776e4b349b2ab02 | Triage

Sharing

General

Target

ps.ps1
Size

7KB
Sample

240710-h6avpatfkn
MD5

fa984c53dea49067c5b0521f9c0150ff
SHA1

2b533282e80095f92743c726f31a9677e4ac4bb7
SHA256

ff7d125fd5fb64e819326a56bbf2058421bcf664afa4a35a9776e4b349b2ab02
SHA512

89df117ff9776d243c89c74b0a3012ce139562b492838b8f140a271dcdb989b63b631cca6bff19a2c2db97e6fbfcff09258233b2693f97f6367db0c111ccbae5
SSDEEP

192:TWrxPZI7Wu8wjOSlVExkdw/+jMLKXyP22klPbbwXNX:MZI/8wj/wG4eXyPVk2XNX

Score

10^/10

netsupport execution persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://cpnfun.com/akz/ak1.zip

exe.dropper

https://cpnfun.com/akz/ak3.zip

exe.dropper

https://cpnfun.com/akz/ak4.zip

exe.dropper

https://cpnfun.com/akz/ak2.zip

exe.dropper

https://cpnfun.com/fls/

Targets

- Target
  
  ps.ps1
- Size
  
  7KB
- MD5
  
  fa984c53dea49067c5b0521f9c0150ff
- SHA1
  
  2b533282e80095f92743c726f31a9677e4ac4bb7
- SHA256
  
  ff7d125fd5fb64e819326a56bbf2058421bcf664afa4a35a9776e4b349b2ab02
- SHA512
  
  89df117ff9776d243c89c74b0a3012ce139562b492838b8f140a271dcdb989b63b631cca6bff19a2c2db97e6fbfcff09258233b2693f97f6367db0c111ccbae5
- SSDEEP
  
  192:TWrxPZI7Wu8wjOSlVExkdw/+jMLKXyP22klPbbwXNX:MZI/8wj/wG4eXyPVk2XNX
Score

10^/10

netsupport execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportexecutionpersistencerat