netsupport

General

Target

281024afqk0.msix
Size

8.6MB
Sample

241028-wb3h4ssmby
MD5

6001f176a97d9a281fef4bf14c3f4004
SHA1

713fff9db673d4e2cdb7aa9815a2286b31724965
SHA256

164442f00f7c9fa2e5b279d8d16fc3b29bf6dcda098d25f530573f4a3ff30169
SHA512

f7de4e2943c4443a18d91ecfcd24da109970467becbbc7e693684fbb3af73f1b610e430b1ef0a7b1f0964037601ef271a41b88fafc904a180526da440f271643
SSDEEP

196608:0QFhy2ANI4C4OhqK6hE62E/MLoW2yJLwfdm2NV9lDegE5PTtvNBZh:0QKVzOz6hWE/0J8fdm2NnVrWlN

Score

10^/10

Malware Config

Targets

- Target
  
  281024afqk0.msix
- Size
  
  8.6MB
- MD5
  
  6001f176a97d9a281fef4bf14c3f4004
- SHA1
  
  713fff9db673d4e2cdb7aa9815a2286b31724965
- SHA256
  
  164442f00f7c9fa2e5b279d8d16fc3b29bf6dcda098d25f530573f4a3ff30169
- SHA512
  
  f7de4e2943c4443a18d91ecfcd24da109970467becbbc7e693684fbb3af73f1b610e430b1ef0a7b1f0964037601ef271a41b88fafc904a180526da440f271643
- SSDEEP
  
  196608:0QFhy2ANI4C4OhqK6hE62E/MLoW2yJLwfdm2NV9lDegE5PTtvNBZh:0QKVzOz6hWE/0J8fdm2NnVrWlN
Score

10^/10

netsupport discovery execution persistence privilege_escalation rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  fedxrtdxt.ps1
- Size
  
  480B
- MD5
  
  3e390f3b3ca7d3716775f832c93fb1b1
- SHA1
  
  5cc8837f0f87f71c5551c009a69fa12daf3254d4
- SHA256
  
  11464f7ac40e3e5f771dfe19aee3b3d21cf526a11429038ba9de4c9d7e4bb42a
- SHA512
  
  8a71a94cb17699100bba67478e5ab0fa14f93b68d0efdcbbf1a35cb5a1d20d05a36c63b0a8be559645a084aee2109a2c77eaa7e6ecd89a99ffaf670100d56c30
Score

10^/10

netsupport discovery execution persistence privilege_escalation rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4