netsupport | b5405f7554de66f166fb12da71be38e24af748dfe4c00bee6e727e92a2d3f76a | Triage

Sharing

General

Target

download.zip
Size

2.4MB
Sample

241028-xe6klsspej
MD5

a6d34d50e4d15767b1f83baab67c8d48
SHA1

b93b87645bebbd55954ea7dd13e987c260d5553f
SHA256

b5405f7554de66f166fb12da71be38e24af748dfe4c00bee6e727e92a2d3f76a
SHA512

447cd355eb49b193590b7bf83e20f0908069e5f7404c8c24b510129c2fb9d77e0a7d7c1cfb0f0e852176e0dcbc9041d9465619cf5317bf5c23f0320e79bbda81
SSDEEP

49152:ZHcdbUJZ7yjKBsjMLsTHGh9FWJt0tvzrcYeSMVW:FcNjKBcrq9FOaPpeLVW

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  ForceCPU.exe
- Size
  
  19KB
- MD5
  
  b982a103b0d4e0db856026a163124bf3
- SHA1
  
  40772be00068bbd394ff0fccd551151a822f3e70
- SHA256
  
  2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
- SHA512
  
  214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
- SSDEEP
  
  192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score

1^/10
behavioral1 behavioral2
- Target
  
  GA.Analytics.Monitor.dll
- Size
  
  52KB
- MD5
  
  6f9e5c4b5662c7f8d1159edcba6e7429
- SHA1
  
  c7630476a50a953dab490931b99d2a5eca96f9f6
- SHA256
  
  e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
- SHA512
  
  78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
- SSDEEP
  
  768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score

1^/10
behavioral3 behavioral4
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  c94005d2dcd2a54e40510344e0bb9435
- SHA1
  
  55b4a1620c5d0113811242c20bd9870a1e31d542
- SHA256
  
  3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899
- SHA512
  
  2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a
- SSDEEP
  
  6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  104b30fef04433a2d2fd1d5f99f179fe
- SHA1
  
  ecb08e224a2f2772d1e53675bedc4b2c50485a41
- SHA256
  
  956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd
- SHA512
  
  5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f
- SSDEEP
  
  192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  PCICL32.DLL
- Size
  
  3.6MB
- MD5
  
  d3d39180e85700f72aaae25e40c125ff
- SHA1
  
  f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15
- SHA256
  
  38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5
- SHA512
  
  471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f
- SSDEEP
  
  49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  SetupHelper
- Size
  
  31KB
- MD5
  
  45a29924b29cd5881da857104c5554fe
- SHA1
  
  75716bfcb46aa02adc1e74369ec60f1c27e309b9
- SHA256
  
  b31d4c6a86bad9eaffaa543476261aaa95705fffaaf367a6ab67133c6af5fcfe
- SHA512
  
  0ee65dc21bfb5be949a8d96f0d5c04dba70c83988ddf460e9ce18e32eeb27fcb350e85b1ed5951ec2b5b2ad6506fa117fbe5495eabf58756fc66111f52b1b631
- SSDEEP
  
  384:/iWwgLJEt/aSoPJY6MQ5h4/upvYHfWuFR7j4XpMQv/upvYHfWuFRhL2pNrZk6kbL:/iQaaSRqhRR2fTEQR2fTH2pN266Hr
Score

1^/10
behavioral11 behavioral12
- Target
  
  TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  eab603d12705752e3d268d86dff74ed4
- SHA1
  
  01873977c871d3346d795cf7e3888685de9f0b16
- SHA256
  
  6795d760ce7a955df6c2f5a062e296128efdb8c908908eda4d666926980447ea
- SHA512
  
  77de0d9c93ccba967db70b280a85a770b3d8bea3b707b1abb037b2826b48898fec87924e1a6cce218c43478e5209e9eb9781051b4c3b450bea3cd27dbd32c7f3
- SSDEEP
  
  12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  client32.exe
- Size
  
  101KB
- MD5
  
  c4f1b50e3111d29774f7525039ff7086
- SHA1
  
  57539c95cba0986ec8df0fcdea433e7c71b724c6
- SHA256
  
  18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
- SHA512
  
  005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5
- SSDEEP
  
  768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral15 behavioral16
- Target
  
  libssl-3-x64.dll
- Size
  
  547KB
- MD5
  
  4ad9afd9ff710d89aa7530241771f9d9
- SHA1
  
  b0f233fde9ebc6438c66051fd13e89b9d457894a
- SHA256
  
  956a4925b8c2a62c7f639e855b1672a162610138f670f1d7ba6ab71ad3d94541
- SHA512
  
  28a167cbf7acca2bf36f7c50bc0302fd040812df678d1d36d1fcadbbfadb279444849aad0228c864d6866b00e36c09c2ff9a6a9d867c25b6000384b421a2f8f5
- SSDEEP
  
  6144:w5/NMS+7xbMkZThK/uhetwSzJupTJc2pqrbccv+5NDmqhIA3vCePl01sQi7PUYgh:wFNEQYKxtwAJeTJc2pmUD/v01sQigLW
Score

1^/10
behavioral17 behavioral18
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  34dfb87e4200d852d1fb45dc48f93cfc
- SHA1
  
  35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641
- SHA256
  
  2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703
- SHA512
  
  f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2
- SSDEEP
  
  768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  remcmdstub.exe
- Size
  
  62KB
- MD5
  
  6fca49b85aa38ee016e39e14b9f9d6d9
- SHA1
  
  b0d689c70e91d5600ccc2a4e533ff89bf4ca388b
- SHA256
  
  fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814
- SHA512
  
  f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622
- SSDEEP
  
  1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

netsupportdiscoveryrat

behavioral16

netsupportdiscoveryrat

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24