netsupport | d23d434b7c1f74517ebc2af362052adcb48344b9e55f64a4183883ed78b67b2d | Triage

Submit
Reports

Overview

overview

Static

static

3

6252d21392...18.exe

windows7-x64

6252d21392...18.exe

windows10-2004-x64

Sharing

General

Target

6252d21392e1917e0f3dceda06e3a995_JaffaCakes118
Size

6.2MB
Sample

241020-p2kmna1brq
MD5

6252d21392e1917e0f3dceda06e3a995
SHA1

62fb2c2db8e172106d59a53ac1c5a3c2f67169f4
SHA256

d23d434b7c1f74517ebc2af362052adcb48344b9e55f64a4183883ed78b67b2d
SHA512

a136098f4c5fd18bcdb7c776ac23826f7daf4aa855a31c33ea122c607c564f4154c371adf964ea14e2381cd01a8dac78ca48a4aac8645d9672e31584d1b6e8b6
SSDEEP

98304:bh29rRyP4k6SnGbXeEmn42PlEbp2WWBJySiiusHTjB+DidXvh6d204OOR5qS:89EDQXeEz2t2mBvHTjOgJ6M8YY

Score

10^/10

netsupport discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6252d21392e1917e0f3dceda06e3a995_JaffaCakes118.exe

Resource

win7-20240903-en

netsupport discovery rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6252d21392e1917e0f3dceda06e3a995_JaffaCakes118.exe

Resource

win10v2004-20241007-en

netsupport discovery rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6252d21392e1917e0f3dceda06e3a995_JaffaCakes118
- Size
  
  6.2MB
- MD5
  
  6252d21392e1917e0f3dceda06e3a995
- SHA1
  
  62fb2c2db8e172106d59a53ac1c5a3c2f67169f4
- SHA256
  
  d23d434b7c1f74517ebc2af362052adcb48344b9e55f64a4183883ed78b67b2d
- SHA512
  
  a136098f4c5fd18bcdb7c776ac23826f7daf4aa855a31c33ea122c607c564f4154c371adf964ea14e2381cd01a8dac78ca48a4aac8645d9672e31584d1b6e8b6
- SSDEEP
  
  98304:bh29rRyP4k6SnGbXeEmn42PlEbp2WWBJySiiusHTjB+DidXvh6d204OOR5qS:89EDQXeEz2t2mBvHTjOgJ6M8YY
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat

behavioral2

netsupportdiscoveryrat

© 2018-2024

Terms | Privacy