Overview

overview

10

Static

static

1

update.ps1

windows7-x64

6

update.ps1

windows10-1703-x64

10

update.ps1

windows10-2004-x64

10

update.ps1

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    update

  • Size

    4KB

  • Sample

    240921-qyyksavdqc

  • MD5

    c3a9c69ae58d9f390efcdd39095ec039

  • SHA1

    48b97a2fd63f06ce060bdff02ada6143a43221b7

  • SHA256

    ccb1996d2a2b57b943611a8928a5a05d69003b1225b9afef40e21017de70be52

  • SHA512

    26f467830b9c645e97109782462f7a748ff873c5b84e9b202887dc24910e8070ad9458c45f8705b946f741b9cc8f3f388a7deb667d6ca3a6a70d22478325c7d2

  • SSDEEP

    48:RHvWvwuwB3QGjsLCO1UD09tD6ZevCO1Uw5NtDPYPkQ0bISOI03VJ8dHtLbLvlCO7:RhbYs09w4rFBEnD8dHtLXROzBCSIOI

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      update

    • Size

      4KB

    • MD5

      c3a9c69ae58d9f390efcdd39095ec039

    • SHA1

      48b97a2fd63f06ce060bdff02ada6143a43221b7

    • SHA256

      ccb1996d2a2b57b943611a8928a5a05d69003b1225b9afef40e21017de70be52

    • SHA512

      26f467830b9c645e97109782462f7a748ff873c5b84e9b202887dc24910e8070ad9458c45f8705b946f741b9cc8f3f388a7deb667d6ca3a6a70d22478325c7d2

    • SSDEEP

      48:RHvWvwuwB3QGjsLCO1UD09tD6ZevCO1Uw5NtDPYPkQ0bISOI03VJ8dHtLbLvlCO7:RhbYs09w4rFBEnD8dHtLXROzBCSIOI

    Score
    10/10
    executionpersistencenetsupportdiscoveryrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks