netsupport | 6cbac4c735bba82b907ccfd6d5e5f65523860afcdf40e1c37a4295d209701665 | Triage

Sharing

General

Target

6cbac4c735bba82b907ccfd6d5e5f65523860afcdf40e1c37a4295d209701665.zip
Size

670KB
Sample

241016-cwrgssxhld
MD5

5c056e7663decbf42390c3793f3566c4
SHA1

1ce88b08bc1c5b0d9ade1eaefd7e1b9c7325033c
SHA256

6cbac4c735bba82b907ccfd6d5e5f65523860afcdf40e1c37a4295d209701665
SHA512

64887e395f173a24f5213a546c247893f115a382038a3aa989dfd626c63f50e4866eed6e1677837fc7aa391bbda201fef203944a88c2f1312ed56f93fc886435
SSDEEP

12288:zggL2u77OA22Z2QoXv0pwTiTEhN0U9DlcpXnFYk7dT1czKxVBl3/ga/e7KQ:zggL2u7SA/Z/HTEhN0WeXFYk7dTaz8pY

Score

10^/10

netsupport discovery persistence rat

Malware Config

Targets

- Target
  
  alsodiscussionpro/alsodiscussionpro.exe
- Size
  
  721KB
- MD5
  
  dc9f091fc77babfcc0331a8d6bfdd3f5
- SHA1
  
  3f4073848136126a1c90d43e770e9980f5d16d0e
- SHA256
  
  ca0869405f73728c6b696039cf8b0cd3582924a6b5b4a4972714e7e68888670d
- SHA512
  
  aa910b2e1f1f2e74ce114ac187c2ba4b8a4857332dda4e60bced5da17e5b7193664719a9ca89b4ed434051cb58ad2fa13c9de20599e60688b2e39a8d701f5028
- SSDEEP
  
  12288:giby90c5vX7OAc2Z+QoX30pwTIT0hN2U9XlcpXNFEk7dD1cQSyuc7G:ggy3XSAZZtPT0hN2geXfEk7dDaQBucS
Score

10^/10

netsupport discovery persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoverypersistencerat