Overview

overview

10

Static

static

3

lada/host.exe

windows7-x64

10

lada/host.exe

windows10-2004-x64

10

lada/host.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    721s
  • max time network
    1205s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-08-2024 01:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lada/host.exe

  • Size

    54KB

  • MD5

    d57adab3cc9e13a11446b91cb5e70ae6

  • SHA1

    e3cb3d8d3d5618020d429052ff2c72b694ac9ca4

  • SHA256

    a88888590829b569d43285c672246c12908e07dc15db9982b578eff37871d585

  • SHA512

    981ac751f4c34727ecbe920d55e1ea5e0418e3fbfcfda6ef233b1d909bcd3bfded7f594bf58fffeb175d0307f161f2e01039b3ac450bf2b92fb979c880dca581

  • SSDEEP

    1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opgDy2:lImfzoXK9/o6D

Score
10/10
netsupportdiscoveryrat

Malware Config

Signatures

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lada\host.exe
    "C:\Users\Admin\AppData\Local\Temp\lada\host.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads