netsupport | ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7e | Triage

Submit
Reports

Overview

overview

Static

static

3

ea34bd6696...eN.exe

windows7-x64

1

ea34bd6696...eN.exe

windows10-2004-x64

Sharing

General

Target

ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7eN
Size

6.2MB
Sample

240920-pzzc2axdnn
MD5

f30257ceae9a67d36a4e62f20ca7da00
SHA1

e3ca7a72b61fac410b406163ecc299b89f01224a
SHA256

ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7e
SHA512

f301745a2474911510066eb58178a804c1aedff3f40102b1ecd6078dd87ee59f12dd6217c23481c1ef78ab625079e1a733ae70d7de470a321802a5f0afcf378b
SSDEEP

98304:Cwi471aEj6tOKNnwp2QNNVNDP+f4GXpcNB6wijexMRq:I4AErp2oWj5fjexb

Score

10^/10

netsupport discovery evasion rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7eN.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

120 seconds

Behavioral task

behavioral2

Sample

ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7eN.exe

Resource

win10v2004-20240802-en

netsupport discovery evasion rat

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7eN
- Size
  
  6.2MB
- MD5
  
  f30257ceae9a67d36a4e62f20ca7da00
- SHA1
  
  e3ca7a72b61fac410b406163ecc299b89f01224a
- SHA256
  
  ea34bd669623b802574b8da23549a66227b7aea5480e80289ec8b2ff6dc5cd7e
- SHA512
  
  f301745a2474911510066eb58178a804c1aedff3f40102b1ecd6078dd87ee59f12dd6217c23481c1ef78ab625079e1a733ae70d7de470a321802a5f0afcf378b
- SSDEEP
  
  98304:Cwi471aEj6tOKNnwp2QNNVNDP+f4GXpcNB6wijexMRq:I4AErp2oWj5fjexb
Score

10^/10

netsupport discovery evasion rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportdiscoveryevasionrat

© 2018-2025

Terms | Privacy