netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

download.zip
Size

2.3MB
Sample

241008-q2d1jszcqr
MD5

7a5cc8dc4397674526b773d3bf4669d3
SHA1

4f0576e5406da1b476e070e1af6c1a6dc616112e
SHA256

98ec780e46cd137c3c88ca3403063525c037196840092ff58309f74a82851849
SHA512

36a4918069718e6b30e5e69e4b63c0fd03bb573bafebe25ef50d38589c6641d1468a6b518c28b0b9cc0fe859ef6a9590919cde9a36022c506b4908da7baf6701
SSDEEP

49152:a51ZlWlEDThXBJOhHvh6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRRakTSs:E17FXa/hRFY89YYc9jh23redpmQRv

Score

10^/10

Malware Config

Targets

- Target
  
  download.zip
- Size
  
  2.3MB
- MD5
  
  7a5cc8dc4397674526b773d3bf4669d3
- SHA1
  
  4f0576e5406da1b476e070e1af6c1a6dc616112e
- SHA256
  
  98ec780e46cd137c3c88ca3403063525c037196840092ff58309f74a82851849
- SHA512
  
  36a4918069718e6b30e5e69e4b63c0fd03bb573bafebe25ef50d38589c6641d1468a6b518c28b0b9cc0fe859ef6a9590919cde9a36022c506b4908da7baf6701
- SSDEEP
  
  49152:a51ZlWlEDThXBJOhHvh6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRRakTSs:E17FXa/hRFY89YYc9jh23redpmQRv
Score

1^/10
behavioral1
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  c94005d2dcd2a54e40510344e0bb9435
- SHA1
  
  55b4a1620c5d0113811242c20bd9870a1e31d542
- SHA256
  
  3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899
- SHA512
  
  2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a
- SSDEEP
  
  6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
Score

3^/10

discovery
behavioral2
- Target
  
  LogoDev.png
- Size
  
  23KB
- MD5
  
  b8f553fbd3dc34b58bc77a705711023d
- SHA1
  
  4ab1052f906fda96f877e398426da5646574c878
- SHA256
  
  2761c60263a2919b856915bdd2a0604b7f0e56e59d893ab13cccef2b7c967229
- SHA512
  
  15a1df0dbb06b4bb64a2b8cd7ad22578292d5ecdec64303350e027f9f87fa8a825cb1cc97f94862d8c235c85b0c79a4feabfb89d9e0b77be62aab25785122a60
- SSDEEP
  
  384:qSVmAf6Ft8Itb+e2b9tdTwEy9kXs6vWZZCbiXSeEO/12Hb40yrWSbN8qtA:qImAfe7gx3y6MZC2CeV2747zbN8
Score

3^/10
behavioral3
- Target
  
  NSM.LIC
- Size
  
  195B
- MD5
  
  e9609072de9c29dc1963be208948ba44
- SHA1
  
  03bbe27d0d1ba651ff43363587d3d6d2e170060f
- SHA256
  
  dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747
- SHA512
  
  f0e26aa63b0c7f1b31074b9d6eef88d0cfbc467f86b12205cb539a45b0352e77ce2f99f29baeab58960a197714e72289744143ba17975699d058fe75d978dfd0
Score

3^/10
behavioral4
- Target
  
  NSM.ini
- Size
  
  6KB
- MD5
  
  88b1dab8f4fd1ae879685995c90bd902
- SHA1
  
  3d23fb4036dc17fa4bee27e3e2a56ff49beed59d
- SHA256
  
  60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92
- SHA512
  
  4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047
- SSDEEP
  
  96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
Score

3^/10
behavioral5
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  104b30fef04433a2d2fd1d5f99f179fe
- SHA1
  
  ecb08e224a2f2772d1e53675bedc4b2c50485a41
- SHA256
  
  956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd
- SHA512
  
  5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f
- SSDEEP
  
  192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
Score

3^/10

discovery
behavioral6
- Target
  
  PCICL32.DLL
- Size
  
  3.6MB
- MD5
  
  d3d39180e85700f72aaae25e40c125ff
- SHA1
  
  f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15
- SHA256
  
  38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5
- SHA512
  
  471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f
- SSDEEP
  
  49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
Score

3^/10

discovery
behavioral7
- Target
  
  Setup/2CEE836C30F61F46s
- Size
  
  3KB
- MD5
  
  779941310b13ac31bba246b943b014d3
- SHA1
  
  603b7a0ce3b86e96df1e4b73d3940c42c24ebb6f
- SHA256
  
  dce9cd258794c205a79f30e5e4029b4ecb32c28657a78d8fcfc41715099f0507
- SHA512
  
  3534923a456cb85ea5c64809a9b9bf571fccf68aad2512b05c935d09969e01ef7eb54aa59667de382cc6faefb9bdbaaf6e6fe94e235460fff6b176913ec60173
Score

1^/10
behavioral8
- Target
  
  Setup/A88D1CCE15181E1Ds
- Size
  
  76KB
- MD5
  
  918aef560b494cc4ecf6724fbcf8a61e
- SHA1
  
  2f2b51532aedf0936e7f8940c9f6cf356e37a3dd
- SHA256
  
  70f0c376f0b37f4795964775dd976704d0f26b28442cf3e9694334dfe708fe8e
- SHA512
  
  89bab306ccf2665fa1956dca2a77c768df1dca892ae16e66281bd6735d433c5467088a9c7465ca5f6ca4c56247b23b39a9ed7c7f11f079190a74fe6af289d1dc
- SSDEEP
  
  1536:4tXd1n3DHyLO1Xs+2DzeZ2PNkVSEilHoKmD8tQMODAGesXcZktqfESEH:6XTzS2wyZukVSEMbwI3RsXc2twESEH
Score

1^/10
behavioral9
- Target
  
  Setup/CC88C062DAB6233Fs
- Size
  
  124B
- MD5
  
  80f10934de31078db583af6c314b036f
- SHA1
  
  67b66079743aadb7c917361b4f5241f1de078e1a
- SHA256
  
  83a9f546edf1056b2effb0221444ccfe94df6e72d0d6e1d9540b3ec050598872
- SHA512
  
  c117e85825a62585684e2d3fea13ae188e25366b5b044de9a93a246dadd3345e14088c41c63104eeee2fda7be1bd50bc959e9560e0177f88dc785b10ef6badc1
Score

1^/10
behavioral10
- Target
  
  Setup/Sigma/Advertising
- Size
  
  2KB
- MD5
  
  326ddffc1f869b14073a979c0a34d34d
- SHA1
  
  df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63
- SHA256
  
  d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb
- SHA512
  
  3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f
Score

1^/10
behavioral11
- Target
  
  Setup/Sigma/LICENSE
- Size
  
  66B
- MD5
  
  5b7baf861a48c045d997992424b5877b
- SHA1
  
  2b2bd9a13afe49748abf39faf9eb29ed658f066e
- SHA256
  
  44071e0fcffb9a9a32e8fa7010bb18dbc41afd0b176f81bf700b15b638a88a51
- SHA512
  
  4820b41aa5ff4d934a583e1f0b93b1512631102bb2dfdb74792a2f0dcf9907da7680c02a5ddd2492a1e6d58cdada3453d9e38bb8deab6ce831ff36a7f8de016c
Score

1^/10
behavioral12
- Target
  
  Setup/Sigma/Staging
- Size
  
  16KB
- MD5
  
  39bdf35ac4557a2d2a4efdeeb038723e
- SHA1
  
  9703ca8af3432b851cb5054036de32f8ba7b083f
- SHA256
  
  04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae
- SHA512
  
  732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284
- SSDEEP
  
  384:lMFqdq0kM55olQws9gsLW4nMFCw8oaj7CQB:lGOqPM5mlQXgeWaMFvanCs
Score

1^/10
behavioral13
- Target
  
  TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  2c88d947a5794cf995d2f465f1cb9d10
- SHA1
  
  c0ff9ea43771d712fe1878dbb6b9d7a201759389
- SHA256
  
  2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e
- SHA512
  
  e55679ff66ded375a422a35d0f92b3ac825674894ae210dbef3642e4fc232c73114077e84eae45c6e99a60ef4811f4a900b680c3bf69214959fa152a3dfbe542
- SSDEEP
  
  12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
Score

3^/10

discovery
behavioral14
- Target
  
  client32.exe
- Size
  
  101KB
- MD5
  
  c4f1b50e3111d29774f7525039ff7086
- SHA1
  
  57539c95cba0986ec8df0fcdea433e7c71b724c6
- SHA256
  
  18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
- SHA512
  
  005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5
- SSDEEP
  
  768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
behavioral15
- Target
  
  client32.ini
- Size
  
  670B
- MD5
  
  15221731b8c78d255535a98220f55385
- SHA1
  
  917cba1d62dc16241700ac2027a67b62dbd03450
- SHA256
  
  b23705ddaf4dd0da82ea5c70f7b406f13529b624dfcf8ec2c9099c07de5b997d
- SHA512
  
  0883c5b8bd9865fa31614f7c8054144323dd4fc5acd73f7e1dec1782b1bdb2da7f7af4aa9bba76847eee42a566c5843b2f021accab477805babab89db6dccf03
Score

3^/10
behavioral16
- Target
  
  delegatedWebFeatures.sccd
- Size
  
  17KB
- MD5
  
  7fd9cd05f23d42fb6deda65bd1977ac9
- SHA1
  
  df25a2c9e1e9fa05805da69ff41337b9f59755fb
- SHA256
  
  ca6c469655d4d0d7ce5beb447dab43048a377a6042c4800b322257567ac135d9
- SHA512
  
  6ae8addf0c55058803305f937593ba02202c99639a572be0cacbfde598019cf8db7067e0392bd66c43cf7d8780e454ec5e08d68bcfd491b60a450ffc280c81b8
- SSDEEP
  
  384:nPzOC+5CNMCUDCGxkKp2Z+TgNKvoUwyBDZS/1pMimimp5F9aQBb+ZIo1PCCZAhy1:niZtnLkKp2Z+TgNKvoUwqVS/L3mimp5i
Score

1^/10
behavioral17
- Target
  
  install_state.json
- Size
  
  1KB
- MD5
  
  3f78a0569c858ad26452633157103095
- SHA1
  
  8119bcc1d66b17ccd286fef396fa48594188c4d0
- SHA256
  
  d53fc339533d39f413ddd29a69ade19f2972383db8fb8938d77d2e79c8573f36
- SHA512
  
  89842e39703970108135d71ce4c039df19c18f04c280cb2516409758f9d22e0205567b08dbe527a6fb7c295bda2ea8ee6a368d6fcaf6fb59645d31ef2243ad3d
Score

3^/10
behavioral18
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral19
- Target
  
  nskbfltr.inf
- Size
  
  328B
- MD5
  
  26e28c01461f7e65c402bdf09923d435
- SHA1
  
  1d9b5cfcc30436112a7e31d5e4624f52e845c573
- SHA256
  
  d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368
- SHA512
  
  c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7
Score

3^/10
behavioral20
- Target
  
  nsm_vpro.ini
- Size
  
  46B
- MD5
  
  3be27483fdcdbf9ebae93234785235e3
- SHA1
  
  360b61fe19cdc1afb2b34d8c25d8b88a4c843a82
- SHA256
  
  4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b
- SHA512
  
  edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5
Score

3^/10
behavioral21
- Target
  
  package_metadata
- Size
  
  9B
- MD5
  
  72e3bed9c0f2498ae7f7b8251eb63956
- SHA1
  
  e9366f86ef5c31d2141fb5d209214d94dd1e24af
- SHA256
  
  96e946e3ee860c6faf9557327efa311ae804aa58dd58632261b16c3c567baa5a
- SHA512
  
  68efaca86096f94c5fc7972f073361e4b12a3219834c0f3a6933837a35fa023a87d310b9e5aa2a8f88f9069320c60a490a24ba47219925010d69f88910c99758
Score

1^/10
behavioral22
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  34dfb87e4200d852d1fb45dc48f93cfc
- SHA1
  
  35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641
- SHA256
  
  2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703
- SHA512
  
  f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2
- SSDEEP
  
  768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
Score

3^/10

discovery
behavioral23
- Target
  
  remcmdstub.exe
- Size
  
  62KB
- MD5
  
  6fca49b85aa38ee016e39e14b9f9d6d9
- SHA1
  
  b0d689c70e91d5600ccc2a4e533ff89bf4ca388b
- SHA256
  
  fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814
- SHA512
  
  f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622
- SSDEEP
  
  1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
Score

3^/10

discovery
behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24