netsupport | 47131d54c85921d4c80a9c5127b1051fa6fc5edf47b705d42ec3c4a19190734c | Triage

Sharing

General

Target

Application.jar
Size

9KB
Sample

241008-zm7trayhjb
MD5

7416cf0ca0e69c71d0eb9e2f98526342
SHA1

aa735c8b53d81799dabb274896a38837e7f57a1d
SHA256

47131d54c85921d4c80a9c5127b1051fa6fc5edf47b705d42ec3c4a19190734c
SHA512

cf497aecef016217ebb76c95a522f575391cc6678ec54c33a91b0e30eec6471d7f14d905d6023cc65ddd1943b9d7342d76e77e99fa2f0d651cfdb4faf6531728
SSDEEP

192:VTx9uXENIM9zje1EIMTLg+8WWiqhSdS8gQ/9t4PIlHlZb99XP8d:L9uXEaS2t1+VohSdbzwI5f9Ja

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://togofund.com/arks/3corn.zip

exe.dropper

https://togofund.com/arks/corn1.zip

exe.dropper

https://togofund.com/arks/corn2.zip

exe.dropper

https://togofund.com/arks/4corn.zip

exe.dropper

https://togofund.com/fide/

Targets

- Target
  
  Application.jar
- Size
  
  9KB
- MD5
  
  7416cf0ca0e69c71d0eb9e2f98526342
- SHA1
  
  aa735c8b53d81799dabb274896a38837e7f57a1d
- SHA256
  
  47131d54c85921d4c80a9c5127b1051fa6fc5edf47b705d42ec3c4a19190734c
- SHA512
  
  cf497aecef016217ebb76c95a522f575391cc6678ec54c33a91b0e30eec6471d7f14d905d6023cc65ddd1943b9d7342d76e77e99fa2f0d651cfdb4faf6531728
- SSDEEP
  
  192:VTx9uXENIM9zje1EIMTLg+8WWiqhSdS8gQ/9t4PIlHlZb99XP8d:L9uXEaS2t1+VohSdbzwI5f9Ja
Score

10^/10

netsupport discovery execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportdiscoveryexecutionpersistencerat