netsupport | a09920aac058a4f885fb3e6e840f491d6798603afe32c607adbf863711db34f6 | Triage

Sharing

General

Target

concur.zip
Size

2.1MB
Sample

240919-ccwbmsveqm
MD5

58488f6786e522164376c57290a1b695
SHA1

621ce4ae29f32217daab622ed561a3ce098f4f1d
SHA256

a09920aac058a4f885fb3e6e840f491d6798603afe32c607adbf863711db34f6
SHA512

3c5914e388f0f065ad6cba5a59b147886699be8bffaa85770d05eabdb5ab15bd583ad0e8c33086fb115eb8ceb5040e2d3b51d37294640f0accbf6f4f0a9cfb12
SSDEEP

49152:wtjW0xxxYrp7yVhEBNO9GAeuAGW4XpY2F8cMUCFQOJK02gp8mWLawS60:qqGvSYENOzeuAGrXnF6uolZC4o0

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  concur/concur.exe
- Size
  
  54KB
- MD5
  
  074ea94236b4f9ec54949fda9335fb6d
- SHA1
  
  4400aa631cb9f574bb21bf2d7610f7bfb1271946
- SHA256
  
  4140a3aa5fc739a37f45b2c307decf5aa9ff9bcc33b4365e878c64e1e252dfff
- SHA512
  
  a82c3d23365909e9a320c6b1127e1c15e0fc528e543872c360546bfa2ba78e6a9d31200bff9aa7570eb857dfb3baccb51805a7879caded05a7bf6a9aae3a80d8
- SSDEEP
  
  1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opgJS2:lImfzoXK9/o6N
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat

behavioral2

netsupportdiscoveryrat