netsupport | 177b044664d7a6b98423049d8fead8dc3847fc15505a8b2c983096a27876ecc2 | Triage

Sharing

General

Target

lada.zip
Size

2.1MB
Sample

240809-br2xasxgnd
MD5

3d53ee9d7dfb6e64871826d789424c49
SHA1

09fecbb2b606f01c0e921dfed341f9f44506d8c5
SHA256

177b044664d7a6b98423049d8fead8dc3847fc15505a8b2c983096a27876ecc2
SHA512

c5e5e14fc55589f20faf5aef4eeadc38979cfe1c058bfeaf59f1bd4ceb2d57b3ab08ac7efc6fc6d9f9db412c1bd21e46673740619d8f30b4347d2df810245d58
SSDEEP

49152:qjW0xxBYrp7PVhEBNO9GAeuAGW4XpY2F8cMUCFQOJK02Yh8mWLawS6/:qqGHS/ENOzeuAGrXnF6uolFq4o/

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  lada/host.exe
- Size
  
  54KB
- MD5
  
  d57adab3cc9e13a11446b91cb5e70ae6
- SHA1
  
  e3cb3d8d3d5618020d429052ff2c72b694ac9ca4
- SHA256
  
  a88888590829b569d43285c672246c12908e07dc15db9982b578eff37871d585
- SHA512
  
  981ac751f4c34727ecbe920d55e1ea5e0418e3fbfcfda6ef233b1d909bcd3bfded7f594bf58fffeb175d0307f161f2e01039b3ac450bf2b92fb979c880dca581
- SSDEEP
  
  1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opgDy2:lImfzoXK9/o6D
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat

behavioral2

netsupportdiscoveryrat

behavioral3

netsupportdiscoveryrat