netsupport | a53ed7dafb386f2fff85ec3b300b9f293b102094dd768ebb23fd4d9345fc1610 | Triage

Sharing

General

Target

xbe.vue.7z
Size

1.4MB
Sample

240928-hzyceashlk
MD5

21bae72276f9945537afafb3a6409c58
SHA1

c638ad429eda88273c6bd263efa35355fde82a15
SHA256

a53ed7dafb386f2fff85ec3b300b9f293b102094dd768ebb23fd4d9345fc1610
SHA512

a137cd43e2ab26cb4e2c94faf3f0bc2ad98748805c195024ae7f8af77baa9bcf04b25b433f1f4e60e35265f5ba94bbcb71aa786cc12bcc920973aab052d89b75
SSDEEP

24576:c4CGDwT6ENzMOnT7e1p+rW5vsLSULKj1FDDzfRxgrgfrlOcSZoh0qKoe+4OoGM1u:qd/PY2eULKjbHgrgfwFk07fOzE7cYDi

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  Ns/AudioCapture.dll
- Size
  
  87KB
- MD5
  
  7629af8099b76f85d37b3802041503ee
- SHA1
  
  f40a5efcb9dee679de22658c6f95c7e9c0f2f0c0
- SHA256
  
  2cc8ebea55c06981625397b04575ed0eaad9bb9f9dc896355c011a62febe49b5
- SHA512
  
  c209714ffdb0b95595583976340f2eb901eb9895f2f420afc4ca3c12744432e52fbedfd857b56cb347d4475df7678bd42d43f221208a108384e1df5aaf7d19e4
- SSDEEP
  
  768:ZrOxYZwDgyfoVD/Ksdl0R8rKZEmU2ffE7CdmW1B1jvmhxccp2UvHNORpPePtJPv4:ZrOxDJs/Ksdl0R1dBmhFJERpPyJPvuXR
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Ns/HTCTL32.DLL
- Size
  
  316KB
- MD5
  
  051cdb6ac8e168d178e35489b6da4c74
- SHA1
  
  38c171457d160f8a6f26baa668f5c302f6c29cd1
- SHA256
  
  6562585009f15155eea9a489e474cebc4dd2a01a26d846fdd1b93fdc24b0c269
- SHA512
  
  602ab9999f7164a2d1704f712d8a622d69148eefe9a380c30bc8b310eadedf846ce6ae7940317437d5da59404d141dc2d1e0c3f954ca4ac7ae3497e56fcb4e36
- SSDEEP
  
  6144:WyspIr8g8imeKk9Fv8TamdF3xuHGAimnx30aaY5nFJl8NjzGrn0J/d3M1OGg:WyspIr8g8i191uzdwHGAimd0bY5FJl85
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Ns/PCICHEK.DLL
- Size
  
  14KB
- MD5
  
  3aabcd7c81425b3b9327a2bf643251c6
- SHA1
  
  ea841199baa7307280fc9e4688ac75e5624f2181
- SHA256
  
  0cff893b1e7716d09fb74b7a0313b78a09f3f48c586d31fc5f830bd72ce8331f
- SHA512
  
  97605b07be34948541462000345f1e8f9a9134d139448d4f331cefeeca6dad51c025fcab09d182b86e5a4a8e2f9412b3745ec86b514b0523497c821cb6b8c592
- SSDEEP
  
  192:uuYr6062b6Z1HVF6RRHXPPr+13fnYe+PjPIrI9FlP4r9ZCspE+TMlr78Vkf:uuYe72u6r+5nYPL7NheMr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Ns/PCICL32.DLL
- Size
  
  3.3MB
- MD5
  
  e7b92529ea10176fe35ba73fa4edef74
- SHA1
  
  fc5b325d433cde797f6ad0d8b1305d6fb16d4e34
- SHA256
  
  b6d4ad0231941e0637485ac5833e0fdc75db35289b54e70f3858b70d36d04c80
- SHA512
  
  fb3a70e87772c1fb386ad8def6c7bdf325b8d525355d4386102649eb2d61f09ce101fce37ccc1f44d5878e604e2e426d96618e836367ab460cae01f627833517
- SSDEEP
  
  49152:FwWtZSlgPoqxyszApD0Ew0J94KinCgqGBQTdTBOHa3clSToWZiwDA:FwWrSlgHyszApD090mCgqTUSPE9
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Ns/TCCTL32.DLL
- Size
  
  378KB
- MD5
  
  1e6e804ca71eaf5bef0abef95c578cf0
- SHA1
  
  8eb7e6eff15edcb01d20322c4994512fdd1dd227
- SHA256
  
  6ffe12cdfe0a36dec4b4a40ecdafb4097b1af7c340b0fcecf9f5c67b7fa8b299
- SHA512
  
  197b782efa21ac87a54d3e63f90a75d80d70a30bfd686d29ed36ede79328db2aef58c8b242906bf7a6c9c0b33b8fa5f0ef23e541bb0d5c0786481bdcce191061
- SSDEEP
  
  6144:bn452GF6HWSJkgGjMTUjemzWz+ZsYRtFM2V3KZ/aDVpIxNc+KT5Ev7pt0AUazmgt:D452GF6HlkgGjMT8emzWusytFMKDXIxj
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Ns/client32.exe
- Size
  
  101KB
- MD5
  
  c4f1b50e3111d29774f7525039ff7086
- SHA1
  
  57539c95cba0986ec8df0fcdea433e7c71b724c6
- SHA256
  
  18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
- SHA512
  
  005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5
- SSDEEP
  
  768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral11 behavioral12
- Target
  
  Ns/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Ns/pcicapi.dll
- Size
  
  106KB
- MD5
  
  67c53a770390e8c038060a1921c20da9
- SHA1
  
  49e63af91169c8ce7ef7de3d6a6fb9f8f739fa3a
- SHA256
  
  2dfdc169dfc27462adc98dde39306de8d0526dcf4577a1a486c2eef447300689
- SHA512
  
  201e07dbccd83480d6c4d8562e6d0a9e4c52ed12895f0b91d875c2bbcc50b3b1802e11e5e829c948be302bf98ebde7fb2a99476065d1709b3bdbcd5d59a1612d
- SSDEEP
  
  1536:LnzOfAUs8aONOb2H4NECHnTXg05rQMb2bbaPrw6BkJElFBIboKKGQ1w:LnSfAB8cb2YN7pSy8AuElFBIboKKGSw
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Ns/remcmdstub.exe
- Size
  
  58KB
- MD5
  
  5be6fb8f28544d4f83c25a2b76ff7890
- SHA1
  
  6ad5d9338984c52b37f2176c8ae4ae2366a7fd25
- SHA256
  
  b11380f81b0a704e8c7e84e8a37885f5879d12fbece311813a41992b3e9787f2
- SHA512
  
  7635fc41dd7be6a55d944db7790e31fd607bfdc67845185facd52bcda24da139c5ba4fe0292ead097eaa606ed53fcfd2ce96c2fb7a15f3aba5fe7262e8041028
- SSDEEP
  
  1536:Uf6nvXuNcAjJMBUHYBlXU1wT2JFqywsQ:e6nPcjJ4U4I1jFqywL
Score

3^/10

discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

netsupportdiscoveryrat

behavioral12

netsupportdiscoveryrat

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18