netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

281024afqk0.msix (1).zip
Size

8.6MB
Sample

241029-e9588awaqr
MD5

6001f176a97d9a281fef4bf14c3f4004
SHA1

713fff9db673d4e2cdb7aa9815a2286b31724965
SHA256

164442f00f7c9fa2e5b279d8d16fc3b29bf6dcda098d25f530573f4a3ff30169
SHA512

f7de4e2943c4443a18d91ecfcd24da109970467becbbc7e693684fbb3af73f1b610e430b1ef0a7b1f0964037601ef271a41b88fafc904a180526da440f271643
SSDEEP

196608:0QFhy2ANI4C4OhqK6hE62E/MLoW2yJLwfdm2NV9lDegE5PTtvNBZh:0QKVzOz6hWE/0J8fdm2NnVrWlN

Score

10^/10

Malware Config

Targets

- Target
  
  281024afqk0.msix (1).zip
- Size
  
  8.6MB
- MD5
  
  6001f176a97d9a281fef4bf14c3f4004
- SHA1
  
  713fff9db673d4e2cdb7aa9815a2286b31724965
- SHA256
  
  164442f00f7c9fa2e5b279d8d16fc3b29bf6dcda098d25f530573f4a3ff30169
- SHA512
  
  f7de4e2943c4443a18d91ecfcd24da109970467becbbc7e693684fbb3af73f1b610e430b1ef0a7b1f0964037601ef271a41b88fafc904a180526da440f271643
- SSDEEP
  
  196608:0QFhy2ANI4C4OhqK6hE62E/MLoW2yJLwfdm2NV9lDegE5PTtvNBZh:0QKVzOz6hWE/0J8fdm2NnVrWlN
Score

10^/10

netsupport discovery execution persistence privilege_escalation rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  PsfLauncher32.exe
- Size
  
  302KB
- MD5
  
  e005414b82df848717581bd260725b02
- SHA1
  
  6ad75f8152617858d463f36cf4b2ce432e0ad4df
- SHA256
  
  312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004
- SHA512
  
  be3d06d2049551e2d5acc3232c6d520236747d53dc49e388c6e616d1f7e1f6f7b6338a4e743773f5461589f2325a8a722af023009cc709f076f51e418382b562
- SSDEEP
  
  6144:Z85jcjnYXSFt8NUBtirDpOzF2akGcoRJKCNWcWAOEOrCng:Z85jedFtOdEF2asjnzrag
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PsfLauncher64.exe
- Size
  
  370KB
- MD5
  
  bfcb4275530e99a5e3fca4614a645fb5
- SHA1
  
  622421f44db52d39947e8229f7fa44a98339957f
- SHA256
  
  338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea
- SHA512
  
  21cab7c56f53305038fa5603720853a38aeddf0dde2e02c9f1d0e83d6dbf9983f755b11a00d487bb8356b0ab69cf9e953a9786cd89e2180b7d428e038271c41b
- SSDEEP
  
  6144:thxzPfoMtkmiZqfrnZSG85YhDFohEUMaWT4I+wKn:tnzPLtbWqDUsNFoOaGKn
Score

1^/10
behavioral5 behavioral6
- Target
  
  PsfRunDll32.exe
- Size
  
  92KB
- MD5
  
  96376177175a1b23a95c6498e9ffb2b5
- SHA1
  
  f9d41e74bf714ed8ba60eac4f99060a5d5f92b26
- SHA256
  
  324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2
- SHA512
  
  f792432ac0c675548849ea238934ea84eadc44cd94eb9e2e7859267e20ea18a52a9d562602d96f61c5080e0fa94caa4ef6a41e49bafb670b7dd29e35490b48df
- SSDEEP
  
  1536:IU5eCS6ZrIb3BIh7iCH+E+MteSQ40X/qchNXQDGdl0S6gsWRUchcdesCkwcmSZ0l:/eCh23BIhWCMSQ40XCMNl0F6kesCkwcu
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  PsfRunDll64.exe
- Size
  
  115KB
- MD5
  
  8466f69926a22670dcf6515a4fc3c054
- SHA1
  
  fd7a2d377cce9545fff272905af7016bd512aefc
- SHA256
  
  b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
- SHA512
  
  5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7
- SSDEEP
  
  3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd
Score

1^/10
behavioral10 behavioral9
- Target
  
  PsfRuntime32.dll
- Size
  
  368KB
- MD5
  
  a9f0eeb621dd5883258113cc4b490929
- SHA1
  
  3c84cdde573eb0f94865f749d9095940cdef409e
- SHA256
  
  11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a
- SHA512
  
  336709007cb4723227f47ff153c99630209995315c8ecbbbe1ca24a48a133ed74ad6e557a123886dbb9a2022c752c67ef7c26524e6a59e8f0e125753a264c2fd
- SSDEEP
  
  6144:gkIVNQKH9HisvT9/taRJ9AONndrKV1UaMCk7KxAOOCyXjmw:gkIVDvT9/t6nAuEMjOxICQjmw
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  PsfRuntime64.dll
- Size
  
  467KB
- MD5
  
  61863b4c1aeefe10d69f54c03d373fd5
- SHA1
  
  4b448f7b4358945b3e9d744d97d6b7c860e5c5b8
- SHA256
  
  495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e
- SHA512
  
  f97b69a5567e477ca67ad7f41933b00a57f74bb4f69c01161c17735b8bb35590cf06aff0fafe8308104e9385a0eb808d8735be9a744c8d2d100c9a9ea5f842a8
- SSDEEP
  
  12288:ybYu1g7I2hxD54yFTuWwp6wYcoDvbAfE63U4:qg7I2hZDFTuW/wx+kHU4
Score

1^/10
behavioral13 behavioral14
- Target
  
  StartingScriptWrapper.ps1
- Size
  
  14KB
- MD5
  
  da5bf3010154020db9db4cf8832b42ea
- SHA1
  
  15ba3dc3bbcb16a26839862d79b3519e74a5e03a
- SHA256
  
  7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98
- SHA512
  
  d70c6df571a069797f5eb1ac9a3e30293914b8f1378714e97ae0b881ee5a833f0944ee7246e2768ed74747637deade85306e837a25b1757a1bc3abb7d6eaa9e2
- SSDEEP
  
  384:wrBzBV4OHcvFcYlu2V8uMcg5apqpBw2qFA5WFQExxR/c/mZ1:KBr4DSYlu2VzMcgwgBLqJQO/ceD
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  VFS/ProgramFilesX64/13/13.exe
- Size
  
  826KB
- MD5
  
  e58073e04563ee374ac9d33d64292b12
- SHA1
  
  2fce424fe45978693610d0226c73648932cc1005
- SHA256
  
  bf2ec1a2ea0242a24bb9c5b7bcaee3f335edcc384aabd07bbfe93e74888cb26c
- SHA512
  
  045d7b4f55aff32f15b0673dde1ba545fa81b4c8036b2a5dea5981ef1a7a103f40617bd5b66997e0658a9c7b51cf3c5978a625261d5e9e7c20670fe6abd81c2c
- SSDEEP
  
  24576:e8VzM+vWJXYXuT7i0k/i0Rt5w4VrpMzLnODs:eAgCWJoBD/pPQis
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  VFS/ProgramFilesX64/13/7za.dll
- Size
  
  283KB
- MD5
  
  ef65428f79e120e5fc10e3eecb843d17
- SHA1
  
  4428930e17bccef34298826756c9af43106c3178
- SHA256
  
  3fc4ade77fa6207c646ca3906bb8c0f21b3472ca8dfcde6635ad6da5ab5491ea
- SHA512
  
  9d312179ff1b7c692252bdfd241d245e8d57b0cae6ce5c8c7755f9f074f8e31c63d93e4fae341f0af8824fc0b6c278bfe3efdb8c27e36f87a4375bd3d27caedb
- SSDEEP
  
  6144:o2ymhthvdTJ65E44h/84s+Eol8p/wReA+H6Y7hby4xPuAM6QJ3yV:olmhthvdTJ65EVg1uETH6uzxmAMLo
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  VFS/ProgramFilesX64/13/7zxa.dll
- Size
  
  159KB
- MD5
  
  5c4408747f4bb3e3e65669004db8f8ec
- SHA1
  
  7ac6b8a217dca16deb60c7132a0aa3e5a1b8dd9a
- SHA256
  
  b20a579d21ec7d3bc3c80c5f0a4d6921b78f6af3b6e285e013f84220e143405c
- SHA512
  
  a8c6ed02ba46d8f57c756d5dc279ce84b56a44bb5e3130ae475b400d551f055f30209a7cc9fb6d54569750724921077dfa21c5e1e35943deb7de731dfcef8245
- SSDEEP
  
  3072:o/W7sa+jaIQG8eBqcDbOWR3EHmG1xW2AdNw6bvw/9jQm6ibMdGptziybUT:onX8eIcDSq3EHmG1dAdNw6zw/9p6ibeR
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  VFS/ProgramFilesX64/13/Far/7-ZipFar.dll
- Size
  
  273KB
- MD5
  
  d04533fdbb455465721f437a2d849b8b
- SHA1
  
  bd8217249cf01e86b44d2ec17280de79d19dfcfd
- SHA256
  
  8e6d2b5bdfc4c1d3b88643a47aa13ab15005039456a7d4ebb078a42568a341b4
- SHA512
  
  2ec1d78b4e3e65db7b2ccea768e7f1964347198af1b276bebf00a91125c2fc2c3649e54f1fc61cb94d3b03fc9091abe3cf220d515e501f4c2fcc7f06a22b70ff
- SSDEEP
  
  6144:pIVsh0MxpsgoXiDlHU5N0CHzx6KyJzE0LMtSlzNhnrgWWgOf71q:vVmiZ05N0CHz85JYvkNh+gOT
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  VFS/ProgramFilesX64/13/Far/7-ZipFar64.dll
- Size
  
  458KB
- MD5
  
  f8c737ca365dbbae5e0010e75bd641b3
- SHA1
  
  997b00a5807ffff06298b11e6c5cd427dc8d2402
- SHA256
  
  05c932f7c7391ba29b3dec39a7e273a9b51f1c6bd75b0aa942c08e1fa91dced8
- SHA512
  
  5f632dc5f85eab78ba7030be0347e497e309c4ebf109fb765368171ad5e56361f797bc742b25b1296240a02ed55eb4c14b76be849149b3b6367a00792fcdc7be
- SSDEEP
  
  12288:SkQxAVquWibWM1ysXvTz4NaGVg/6k+VrKk:lqni6M1yovTz4NaGY6nRK
Score

1^/10
behavioral25 behavioral26
- Target
  
  VFS/ProgramFilesX64/13/GoogleChrome2.7z
- Size
  
  1.4MB
- MD5
  
  99732fb703c4d1e51ddabde2c96975e8
- SHA1
  
  4fbff9403124dc7f5a5c1ae6252c9ffacdb1df72
- SHA256
  
  3ec04b5c60939209c5d19dd525e53425aef8803d242d9ad63346445ebe09398c
- SHA512
  
  09bd5f55b25b243d695a4f91f65bd9559f27d122d5da180312d38e83d983d743f8db2a7883aa3550f2efbad7b71510ce87393c89ee0d04c854a957788f96e10d
- SSDEEP
  
  24576:sPkEzUSYY7iMv1BKENeII6Jz3/A1PIhus8SWQZSGzDQlEpHPCEZD8Bz7zTVw/80C:36Hti7nII6N/v4QZSGzDQlul98Bz7/VP
Score

1^/10
behavioral27 behavioral28
- Target
  
  VFS/ProgramFilesX64/13/arm64/7-ZipFar.dll
- Size
  
  457KB
- MD5
  
  75e8535d87e708b53f20d0bb4707129f
- SHA1
  
  72ef3279ec34e404eb1b9db21cc1139d8b547eb0
- SHA256
  
  6ad01b9d823c3fa3c623483e302d04568e35230091aa8af7750715b9739ce3ca
- SHA512
  
  8d5c865668e17ef129e274487eadc375325c7d8e8685108a1752f95f6526253a8ab000af8815b567358542b9326a44fa966bf9d8bc22e095f2dc770dbbca8cd4
- SSDEEP
  
  6144:Esmzrvdw2gRlFmdT/oJ8A244PZ35wDDXjvfgNsNTeekilpi4lPbuOF4YSmCB7BLj:Oxgd+T/68AJeKANsZnaRnT
Score

1^/10
behavioral29 behavioral30
- Target
  
  VFS/ProgramFilesX64/13/arm64/7za.dll
- Size
  
  434KB
- MD5
  
  ae6a4f422e16e45b5dd0ab6da1a82d8e
- SHA1
  
  3fe04a626232b0c3de6770f8e2c600aeb4c626e8
- SHA256
  
  49e0503b316076b9e0c90c9e3a0c475ef5d9b4376d33d702e0469029a0008e88
- SHA512
  
  940fe46e357ba3601998e4639a30c8df49d6ea92562afda65decd13f7c3d9b3a72c9d89cf1246d9a1bd97e5b8a7197cb789ce752f5dbbe0c1586bc0b2549b120
- SSDEEP
  
  6144:QxU19008UrXRzK2xELbGQscTe8xRuKX/hyTSfUp1sL5T0:F19Z8UrX+Lb6/8r+SM7
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Netsupport family

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32