netsupport | 0ee2ba29a98cc1d7f865a9e7ae7fd4b69b6da4af7a30b55a5e5d915616ea0aac | Triage

Sharing

General

Target

Txn_Details_G0391408919268_pdf.exe
Size

2.2MB
Sample

240722-p3xzdaxgqa
MD5

32dbb0134457cf3cc2eb9c7c4cba9dbf
SHA1

05ecd289fb130427498c2e67e3d3750b330f416e
SHA256

0ee2ba29a98cc1d7f865a9e7ae7fd4b69b6da4af7a30b55a5e5d915616ea0aac
SHA512

11236da09ee6e97e71bd2b04cdd25dac2ab1b021a3f54f5761d25e5c6b42b78a8d0c1b6163214e19b4f79e14a4dc0d7f3b519687d9f4620c726664b72cde775b
SSDEEP

49152:KBP1yXk3fQLThPJrwfRzrqLb6fCanBzx+mk1tjSJc:idy0vQLVPJr5LbCjt+my8Jc

Score

10^/10

netsupport rat

Malware Config

Targets

- Target
  
  Txn_Details_G0391408919268_pdf.exe
- Size
  
  2.2MB
- MD5
  
  32dbb0134457cf3cc2eb9c7c4cba9dbf
- SHA1
  
  05ecd289fb130427498c2e67e3d3750b330f416e
- SHA256
  
  0ee2ba29a98cc1d7f865a9e7ae7fd4b69b6da4af7a30b55a5e5d915616ea0aac
- SHA512
  
  11236da09ee6e97e71bd2b04cdd25dac2ab1b021a3f54f5761d25e5c6b42b78a8d0c1b6163214e19b4f79e14a4dc0d7f3b519687d9f4620c726664b72cde775b
- SSDEEP
  
  49152:KBP1yXk3fQLThPJrwfRzrqLb6fCanBzx+mk1tjSJc:idy0vQLVPJr5LbCjt+my8Jc
Score

10^/10

netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3