netsupport | a179d25f0ca4b9f6b7b1b7b4376664e422a6341650f80ba58626881638b64d50 | Triage

Sharing

General

Target

a179d25f0ca4b9f6b7b1b7b4376664e422a6341650f80ba58626881638b64d50.exe
Size

137KB
Sample

240921-qpre4svajc
MD5

aace5ed77f7d47cad3e45e0ccdc5411c
SHA1

cb9c403e8ba1a5531543d6c3b46250065b7f49c0
SHA256

a179d25f0ca4b9f6b7b1b7b4376664e422a6341650f80ba58626881638b64d50
SHA512

a73b05d441f2815db2cfdecb00e7df1574d510a28b73e15c365bd94ecb70cebc2ab624783a14874a64da27caa308d58c710ef8c09b96ebf36c04459dd7899874
SSDEEP

3072:IAthOjYt6ktOt/nYUHal/5+LeLEsSkRqneaNn2qSzAuK2raS:dthOjYt6ktCYUHal/hwhkReeunZceS

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  a179d25f0ca4b9f6b7b1b7b4376664e422a6341650f80ba58626881638b64d50.exe
- Size
  
  137KB
- MD5
  
  aace5ed77f7d47cad3e45e0ccdc5411c
- SHA1
  
  cb9c403e8ba1a5531543d6c3b46250065b7f49c0
- SHA256
  
  a179d25f0ca4b9f6b7b1b7b4376664e422a6341650f80ba58626881638b64d50
- SHA512
  
  a73b05d441f2815db2cfdecb00e7df1574d510a28b73e15c365bd94ecb70cebc2ab624783a14874a64da27caa308d58c710ef8c09b96ebf36c04459dd7899874
- SSDEEP
  
  3072:IAthOjYt6ktOt/nYUHal/5+LeLEsSkRqneaNn2qSzAuK2raS:dthOjYt6ktCYUHal/hwhkReeunZceS
Score

10^/10

discovery netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportdiscoveryrat