netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

readme.zip
Size

2.2MB
Sample

240717-1nsa5atgpg
MD5

a6bbb79e2c1aceebd644e83ac7be57ff
SHA1

cb1b0f509cbed77f6c7d6ce35f469f01211bb667
SHA256

0929449c2299832fe787d7b24836ecffb925e17ce915da1a90b99c49e77b56d3
SHA512

6d36583e7dec8b366e544c51cdc69874e69a777c515ca2fae455d3227bf18de01a7d3e541d1dccecb9c32d18ac400e58564162d79ff8b3775354b210bb75952a
SSDEEP

49152:Z2wryYE54IgBWACd8NNnBW/wY+3w/WTQFqNdjcC7NbbZnN7JlVG5PWZ5FvcBc:0wryZ5hbARCw51TQFqNdQaZJbIP+Uc

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  readme.zip
- Size
  
  2.2MB
- MD5
  
  a6bbb79e2c1aceebd644e83ac7be57ff
- SHA1
  
  cb1b0f509cbed77f6c7d6ce35f469f01211bb667
- SHA256
  
  0929449c2299832fe787d7b24836ecffb925e17ce915da1a90b99c49e77b56d3
- SHA512
  
  6d36583e7dec8b366e544c51cdc69874e69a777c515ca2fae455d3227bf18de01a7d3e541d1dccecb9c32d18ac400e58564162d79ff8b3775354b210bb75952a
- SSDEEP
  
  49152:Z2wryYE54IgBWACd8NNnBW/wY+3w/WTQFqNdjcC7NbbZnN7JlVG5PWZ5FvcBc:0wryZ5hbARCw51TQFqNdQaZJbIP+Uc
Score

1^/10
behavioral1 behavioral2
- Target
  
  AudioCapture.dll
- Size
  
  91KB
- MD5
  
  4182f37b9ba1fa315268c669b5335dde
- SHA1
  
  2c13da0c10638a5200fed99dcdcf0dc77a599073
- SHA256
  
  a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8
- SHA512
  
  4f22ad5679a844f6ed248bf2594af94cf2ed1e5c6c5441f0fb4de766648c17d1641a6ce7c816751f0520a3ae336479c15f3f8b6ebe64a76c38bc28a02ff0f5dc
- SSDEEP
  
  1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
Score

1^/10
behavioral3 behavioral4
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  2d3b207c8a48148296156e5725426c7f
- SHA1
  
  ad464eb7cf5c19c8a443ab5b590440b32dbc618f
- SHA256
  
  edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
- SHA512
  
  55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c
- SSDEEP
  
  6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Score

3^/10
behavioral5 behavioral6
- Target
  
  NSM.lic
- Size
  
  259B
- MD5
  
  3a88847f4bbf7199a2161ed963fe88ef
- SHA1
  
  8629803adb6af84691dc5431b6590df14bad4a61
- SHA256
  
  a680947aba5cf3316be50f1ec6a0d8bf72f7d7ca79d91430c26e24680eddd35e
- SHA512
  
  2b6408e7334946655045914b2cfa14dcfb39502f64ffafad784717a8ca036b73928bd7a5b02d650d8698357c54c31cac11a705baed0e1e7a3a07d659a2104e02
Score

3^/10
behavioral7 behavioral8
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  a0b9388c5f18e27266a31f8c5765b263
- SHA1
  
  906f7e94f841d464d4da144f7c858fa2160e36db
- SHA256
  
  313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
- SHA512
  
  6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd
- SSDEEP
  
  192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Score

1^/10
behavioral10 behavioral9
- Target
  
  TCCTL32.DLL
- Size
  
  448KB
- MD5
  
  69f72ad2dad99ff0fbc7f2c671523014
- SHA1
  
  8aaab0955014b89ca794a51dd527d3afe6f38a94
- SHA256
  
  23f17cc168cc82b8ae16f3fc041d4465e1b12e66dcac1713f582f99303a740dd
- SHA512
  
  ea18d92790f52405027666b7501cf908426b9b57fec4157a45d86387d50324e414644245269dc1a0567b27c6c4b7c4b323d692bf449add4797dfcd7101531349
- SSDEEP
  
  12288:suqhtvbez3wj9AP8Ah0DAmlse99fow3/qkxf5iJg0nTUtnTvm:s3htk/eHoJktEKITUFTvm
Score

1^/10
behavioral11 behavioral12
- Target
  
  client32.exe
- Size
  
  114KB
- MD5
  
  f36a7294ff7aa92571a3fd7c91282dd5
- SHA1
  
  849e777458ef42b3138f33f6e50623246eafb7a7
- SHA256
  
  42c2d35457abce2fea3897ba5e569f51b74b40302ff15b782e3b20b0aa00b34e
- SHA512
  
  285165bdf774e4db062c996dc148dfd6a5263d89a7ae3e1bb193afb9513cd95a40dc8689ab1fd5c56b90fbdd65c6b05cfe2a3cbde4195d5b8bef239eac315145
- SSDEEP
  
  1536:4fO0hGSTj5CdnTrioQ+6Zj5CdnTkEbfQ+8iA:R0bTj5CdnTrQZj5CdnTkEb8D
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral13 behavioral14
- Target
  
  client32.ini
- Size
  
  715B
- MD5
  
  b4e1abba1a71f64b59c0eedf8feda711
- SHA1
  
  6f135a10ff49676e1daa049444e0f7fa1ddb8858
- SHA256
  
  76b38949526934b916a42ba95d09abf2d6635b945044a6578551e1034d1ed75d
- SHA512
  
  08e9266315c68f43c0c84a95979597b2dcac465784b199ee6a6c058bcff5b12207d6700abe4b16531356ea432a68e7541a87aed6a1e65c4090ed38886debdf01
Score

1^/10
behavioral15 behavioral16
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral17 behavioral18
- Target
  
  nskbfltr.inf
- Size
  
  328B
- MD5
  
  26e28c01461f7e65c402bdf09923d435
- SHA1
  
  1d9b5cfcc30436112a7e31d5e4624f52e845c573
- SHA256
  
  d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368
- SHA512
  
  c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7
Score

1^/10
behavioral19 behavioral20
- Target
  
  nsm_vpro.ini
- Size
  
  46B
- MD5
  
  3be27483fdcdbf9ebae93234785235e3
- SHA1
  
  360b61fe19cdc1afb2b34d8c25d8b88a4c843a82
- SHA256
  
  4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b
- SHA512
  
  edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5
Score

1^/10
behavioral21 behavioral22
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  dcde2248d19c778a41aa165866dd52d0
- SHA1
  
  7ec84be84fe23f0b0093b647538737e1f19ebb03
- SHA256
  
  9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
- SHA512
  
  c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166
- SSDEEP
  
  768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Score

1^/10
behavioral23 behavioral24
- Target
  
  pcicl32.dll
- Size
  
  3.5MB
- MD5
  
  0806dd2faf75ef07931f0a0148dabe8a
- SHA1
  
  d578f3590af19108a45f1053e7752c72e4e71757
- SHA256
  
  1bf1d7e36a7fcae7d5df7a5b926ffd5fe07ecc3b3412d7818a9139f501083c51
- SHA512
  
  8c4628da32f25b10f432c7b5af03bd76368f44d8c9c017502e79c1a53548635a4c12c489bdd775bbea888dbab3a51859403e64ca79e39b0938260f1819936ef7
- SSDEEP
  
  49152:oVkdI/4amDppYTV665qlvEbaK3M+T6alaPclSpc5tEB:oVIG4amlIV5qlwaKUaHSwtU
Score

1^/10
behavioral25 behavioral26
- Target
  
  remcmdstub.exe
- Size
  
  58KB
- MD5
  
  ba2a1815e16b357eeff23b8394457aa5
- SHA1
  
  2492e2393cdaed5678ea0a573c50d06ec5f191f4
- SHA256
  
  e14c3224215ea91587e96b995861e8966166dfc08ab4d409bd729770815b3b81
- SHA512
  
  d505a1a17c44a96e74f94238b3623d7e6064b8c94007f2d94d6626eeee3ba75db92e569bc864c90096eabf61a0cd68ae690461b43b6e429b4deda1b44e18ba41
- SSDEEP
  
  1536:Wf6nvXuNcAjJMBUHYBlXU1wT2JFqyuAQYPT:g6nPcjJ4U4I1jFqyuHuT
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28