General
Target
98e12e68c45dc1b540c7f1c87e4293e3f0f0fecae98d3f49b60fdb4f646082d1(1).msi
Size
2.2MB
Sample
240925-ndp2ssscjp
MD5
0a86f111f1e8ec51d2ce46864f7f4576
SHA1
7f3065bca7f7d261b431a909c7bb051c7bd79eae
SHA256
98e12e68c45dc1b540c7f1c87e4293e3f0f0fecae98d3f49b60fdb4f646082d1
SHA512
f5528f4039eeae866edbe378a54f1480e0ad621fbe895e01d933699ab7361e529720b23b98587a02b78571f5b45ce71840295697a2a1a34b77aec7fd067c5be9
SSDEEP
49152:lEiJT5NKpt6ikhfxm2C6VQQQe/dJLXgiTRsanWzywHB5PML5YmbKF:lEiJVNut6zhfxo6aArs1yg5P4bKF
Static task
static1
Behavioral task
behavioral1
Sample
98e12e68c45dc1b540c7f1c87e4293e3f0f0fecae98d3f49b60fdb4f646082d1(1).msi
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
98e12e68c45dc1b540c7f1c87e4293e3f0f0fecae98d3f49b60fdb4f646082d1(1).msi
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
98e12e68c45dc1b540c7f1c87e4293e3f0f0fecae98d3f49b60fdb4f646082d1(1).msi
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
Adds Run key to start application
Blocklisted process makes network request
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Event Triggered Execution: Installer Packages
Privilege Escalation
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Event Triggered Execution: Installer Packages