General
-
Target
922590e679f418d5e871ed027a0fb986c15439d381046e2c6c01d1f100da1ed3.msi
-
Size
2.2MB
-
Sample
240929-ygzqhsxemr
-
MD5
bbf5cd6b084221a207c6d4948b48cf52
-
SHA1
6c4560eb2358f2a0041e1db56bcce232fb13d20d
-
SHA256
922590e679f418d5e871ed027a0fb986c15439d381046e2c6c01d1f100da1ed3
-
SHA512
09f6eb8582c170fb5bd01d5f9f57697d5c3e011df1790ddc44cff2c15a7df35d2c7273f68ffef7a54e45c72e99299ddf048ea65696a9eaf70df7d6005ab5e328
-
SSDEEP
49152:FEiJT5NKpt6ikhfxm2C6VQQQe/dJLXgiTRsanWzywHB5PML5YmbK:FEiJVNut6zhfxo6aArs1yg5P4bK
Malware Config
Targets
-
-
Target
922590e679f418d5e871ed027a0fb986c15439d381046e2c6c01d1f100da1ed3.msi
-
Size
2.2MB
-
MD5
bbf5cd6b084221a207c6d4948b48cf52
-
SHA1
6c4560eb2358f2a0041e1db56bcce232fb13d20d
-
SHA256
922590e679f418d5e871ed027a0fb986c15439d381046e2c6c01d1f100da1ed3
-
SHA512
09f6eb8582c170fb5bd01d5f9f57697d5c3e011df1790ddc44cff2c15a7df35d2c7273f68ffef7a54e45c72e99299ddf048ea65696a9eaf70df7d6005ab5e328
-
SSDEEP
49152:FEiJT5NKpt6ikhfxm2C6VQQQe/dJLXgiTRsanWzywHB5PML5YmbK:FEiJVNut6zhfxo6aArs1yg5P4bK
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Installer Packages
1