Overview

overview

10

Static

static

10

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f76b4b34066533b5484ea308fb1475e1c4e63e861770f51ec4fdb6fc8d414941

  • Size

    2KB

  • Sample

    240822-2p3c6atglq

  • MD5

    b4c4c63eb1fd1bde068d7a7f8bced385

  • SHA1

    00c3c94cba10abecd56eb5f0832aaf4f7c546fa0

  • SHA256

    f76b4b34066533b5484ea308fb1475e1c4e63e861770f51ec4fdb6fc8d414941

  • SHA512

    fa613c069967b078aa26d9de953ec2caf8f47ced2d013df2acde3017a69cb79bcb31bbafa4125a1f95d34cfdc71c62775f4bebf134972ddd64c40fbf73358a08

Score
10/10
netsupportdiscoverydropperexecutionpersistencerat

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://quickfileupdate.com/udp/tul1.zip
exe.dropper

https://quickfileupdate.com/udp/tul3.zip
exe.dropper

https://quickfileupdate.com/udp/tul2.zip
exe.dropper

https://quickfileupdate.com/udp/tul4.zip
exe.dropper

https://quickfileupdate.com/udp/dwn/

Targets

    • Target

      f76b4b34066533b5484ea308fb1475e1c4e63e861770f51ec4fdb6fc8d414941

    • Size

      2KB

    • MD5

      b4c4c63eb1fd1bde068d7a7f8bced385

    • SHA1

      00c3c94cba10abecd56eb5f0832aaf4f7c546fa0

    • SHA256

      f76b4b34066533b5484ea308fb1475e1c4e63e861770f51ec4fdb6fc8d414941

    • SHA512

      fa613c069967b078aa26d9de953ec2caf8f47ced2d013df2acde3017a69cb79bcb31bbafa4125a1f95d34cfdc71c62775f4bebf134972ddd64c40fbf73358a08

    Score
    10/10
    dropperexecutionpersistencenetsupportdiscoveryrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Download via BitsAdmin

      dropper

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks