netsupport | 8db799ca699e7fbffcdd966ecd6862baa964e8518382defe52722cce0e6af617 | Triage

Sharing

General

Target

concur.zip
Size

2.1MB
Sample

240904-cegw2ashmn
MD5

ee36a8a2922f1384b046842650c8cea1
SHA1

bfdaba4e2cfabceb406275d05badc6c57378104d
SHA256

8db799ca699e7fbffcdd966ecd6862baa964e8518382defe52722cce0e6af617
SHA512

8b164a5eb04dd4d6bd0ffecb2cc47f5ab7c9607f9daf251339fbd39a1ad9331ed03a4d817d33c492cb0264a1b368690d77e49d3203c21057876f53579139e1ef
SSDEEP

49152:NkjW0xxxYrp7yVhEBNO9GAeuAGW4XpY2F8cMUCFQOJK02gp8mWLawS6j:mqGvSYENOzeuAGrXnF6uolZC4oj

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  concur/concur.exe
- Size
  
  54KB
- MD5
  
  9bf16abf4f440eed970f011c0b02f1c5
- SHA1
  
  a6fc16a6e30869ca9b0c12ae4d0f8fad91f75508
- SHA256
  
  2d3f87f2a4fbd1fe6c13650637a952ec758e3b8ab962a60b6c7ab4785282d5e3
- SHA512
  
  8d38b8184caa0cb11ebbbba2d6b22fd32774b588285109280879290affd50115dcc6d2604c64344ee52725b55947d927990aa444b90efab646634f9f7e4a2636
- SSDEEP
  
  1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opgYC2:lImfzoXK9/o6W
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat

behavioral2

netsupportdiscoveryrat