General

  • Target

    7z2408.zip

  • Size

    3.6MB

  • Sample

    241029-s4f9sswgjl

  • MD5

    1c680d9ace4ca395e69c15c4e57dadbf

  • SHA1

    a9b71953bb079676286777c22260fd2b3caaa0c7

  • SHA256

    cf7d975451c33a4420874988e887085251db25ab0df3fdd8b83da69885cb4696

  • SHA512

    690f3c8b0b3b1d7f9f0ace9161396e64aa024a1c1569a53a2a56b2d65dbb9f43e1569375efdf91e6a151e38dd43d5d5af41bd2b4de72730f8f3b49dadb84fbc5

  • SSDEEP

    98304:Epowx4xhXFS4fUwqGCSEENOzeuAGrXnF6uolEz4ok:EpF4bFS6WSLNOuO872Q
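To confirm that a local copy is the same sample this report describes, the digests above (and the per-member ones in the Targets section below) can be checked programmatically. The script is an added example, not part of the sandbox output: the expected values are copied from the report, the local archive path is an assumption, and SSDEEP is left out because it needs the third-party ssdeep module. A match only shows you hold the same bytes the sandbox analysed; whether the 1.5MB installer inside is the vendor's build is a separate question the report does not answer.

```python
"""Check a local copy of 7z2408.zip and its members against the digests in this report.

Added example, not part of the sandbox output. The expected values are copied from
the report; the archive path on the command line is an assumption. SSDEEP is not
checked because it needs the third-party ssdeep module.
"""
import hashlib
import io
import sys
import zipfile
from typing import Dict, List

# Digests listed in the report's General section (archive) and Targets section (members).
EXPECTED: Dict[str, Dict[str, str]] = {
    "7z2408.zip": {
        "md5": "1c680d9ace4ca395e69c15c4e57dadbf",
        "sha1": "a9b71953bb079676286777c22260fd2b3caaa0c7",
        "sha256": "cf7d975451c33a4420874988e887085251db25ab0df3fdd8b83da69885cb4696",
        "sha512": "690f3c8b0b3b1d7f9f0ace9161396e64aa024a1c1569a53a2a56b2d65dbb9f43e1569375efdf91e6a151e38dd43d5d5af41bd2b4de72730f8f3b49dadb84fbc5",
    },
    "7z2408/7Zz.exe": {
        "md5": "ecd18e8d01589119199a0334df4975e1",
        "sha1": "c44e84675a79746f5f9868b7730f80156dd5f122",
        "sha256": "0d191647a5b16a6f9521a16b0e262a3aea98537eeec94a542da9a812060160f1",
        "sha512": "6231deb1a2d3d76723bfea2aa9710b14f4c447e6fe22fd9e1b97b79457a9f9fbaa2c8a713cd7580144313569820e4c46ee0c040a02aed411ad4e79781aad0eb1",
    },
    "7z2408/7z2408-x64.exe": {
        "md5": "0330d0bd7341a9afe5b6d161b1ff4aa1",
        "sha1": "86918e72f2e43c9c664c246e62b41452d662fbf3",
        "sha256": "67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b",
        "sha512": "850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1",
    },
}


def digests(data: bytes) -> Dict[str, str]:
    """Hex digests of one blob for every algorithm the report uses (except SSDEEP)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def mismatches(name: str, data: bytes, expected: Dict[str, Dict[str, str]] = EXPECTED) -> List[str]:
    """Algorithms whose digest of `data` differs from the report's value for `name`.

    An empty list means every listed digest matched. Unknown names raise KeyError
    rather than passing silently, so a typo in a member path is not taken for a match.
    """
    actual = digests(data)
    return [alg for alg, want in expected[name].items() if actual[alg] != want.lower()]


def verify_archive(zip_bytes: bytes, archive_name: str,
                   expected: Dict[str, Dict[str, str]] = EXPECTED) -> Dict[str, List[str]]:
    """Check the archive (key `archive_name`) and every member that `expected` lists.

    Members missing from the archive are reported as ["missing"]; members the report
    does not list are ignored, because the report says nothing about them.
    """
    result: Dict[str, List[str]] = {}
    if archive_name in expected:
        result[archive_name] = mismatches(archive_name, zip_bytes, expected)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        present = set(zf.namelist())
        for name in expected:
            if name == archive_name:
                continue
            result[name] = mismatches(name, zf.read(name), expected) if name in present else ["missing"]
    return result


def build_zip(members: Dict[str, bytes]) -> bytes:
    """In-memory zip from {member name: bytes}; used to construct offline test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "7z2408.zip"  # assumed local path
    with open(path, "rb") as fh:
        for name, bad in verify_archive(fh.read(), "7z2408.zip").items():
            print(f"{name}: {'OK' if not bad else 'MISMATCH ' + ', '.join(bad)}")
```

Run it as `python check_hashes.py 7z2408.zip`; the member names in the zip must match the report's paths (`7z2408/7Zz.exe`, `7z2408/7z2408-x64.exe`) for them to be checked. Comparing lower-cased hex on both sides avoids false mismatches when digests are pasted in upper case from another tool.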

Malware Config

Targets

    • Target

      7z2408/7Zz.exe

    • Size

      54KB

    • MD5

      ecd18e8d01589119199a0334df4975e1

    • SHA1

      c44e84675a79746f5f9868b7730f80156dd5f122

    • SHA256

      0d191647a5b16a6f9521a16b0e262a3aea98537eeec94a542da9a812060160f1

    • SHA512

      6231deb1a2d3d76723bfea2aa9710b14f4c447e6fe22fd9e1b97b79457a9f9fbaa2c8a713cd7580144313569820e4c46ee0c040a02aed411ad4e79781aad0eb1

    • SSDEEP

      1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opg+o2:lImfzoXK9/o6A

    • NetSupport

      NetSupport Manager is a commercial remote access tool sold as legitimate system administration software; its client is regularly repackaged and dropped by malware as a RAT (commonly tracked as NetSupport RAT). The detection here is on the 54KB 7Zz.exe member, not on the 1.5MB installer.

    • NetSupport family

    • Target

      7z2408/7z2408-x64.exe

    • Size

      1.5MB

    • MD5

      0330d0bd7341a9afe5b6d161b1ff4aa1

    • SHA1

      86918e72f2e43c9c664c246e62b41452d662fbf3

    • SHA256

      67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

    • SHA512

      850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

    • SSDEEP

      24576:UEBmEo1y9fcw5K42KmEDaMYAhr08oSG4OdWrfjcaHSNXJdx7wE9iko6qzLJmYYUP:UEvoo24xV2JJdPwMJ3x75z5q0jc/3

    • Event Triggered Execution: Component Object Model Hijacking (T1546.015)

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. Per-user registrations under HKCU\Software\Classes\CLSID take precedence over the machine-wide ones under HKLM, so a CLSID that a legitimate process loads can be redirected to an attacker's DLL, executable or scriptlet without administrative rights.

    • Checks installed software on the system (Software Discovery, T1518)

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the HKCU equivalent) to enumerate software on the system. Installers do the same when they check for an earlier version, so on its own this is a weak indicator.
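The COM hijacking indicator above is the one worth following up on a host that ran this installer. Since HKCU entries shadow HKLM ones, the hunt is to export the per-user CLSID hive and look for server registrations that point outside Windows or Program Files, use a ScriptletURL, or override a CLSID that the machine-wide hive also defines. The script below is an added example, not part of the sandbox report or the 7-Zip project: it parses the text written by `reg export HKCU\Software\Classes\CLSID hkcu.reg` (and optionally the HKLM export), and the two embedded sample exports are constructed, with placeholder GUIDs, paths and a loopback URL.

```python
r"""Hunt per-user COM server registrations of the kind used for COM hijacking (T1546.015).

Added example, not part of the sandbox report. Input is the text produced by
`reg export HKCU\Software\Classes\CLSID hkcu.reg` and, optionally, the same export of
HKLM. The two SAMPLE_* exports below are constructed, with placeholder GUIDs and paths.
"""
import re
import sys
from typing import Dict, List, Set

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# REG_SZ values only: @="..." (default value) or "Name"="...", with \\ and \" escapes.
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<val>(?:[^"\\]|\\.)*)"$')
CLSID_KEY_RE = re.compile(
    r"^(?:HKEY_CURRENT_USER|HKEY_USERS\\[^\\]+)\\Software\\Classes\\CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\(?P<sub>InprocServer32|LocalServer32|ScriptletURL)$",
    re.IGNORECASE)
# Where a per-user COM server may legitimately live; anything else is flagged.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                    "%systemroot%\\", "%windir%\\", "%programfiles%\\", "%programfiles(x86)%\\")

def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """{key path: {value name: string}} for the REG_SZ values of a .reg export, in file order.
    The default value is stored under "@"; hex/binary values and continuation lines are skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("name") is None else _unescape(m.group("name"))
            keys[current][name] = _unescape(m.group("val"))
    return keys

def clsids_in(reg_text: str) -> Set[str]:
    """Lower-cased CLSIDs registered anywhere in an export (run it on the HKLM export)."""
    return {m.group(1).lower() for m in re.finditer(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})", reg_text)}

def hunt_com_hijacks(hkcu_text: str, hklm_clsids: Set[str] = frozenset()) -> List[Dict[str, str]]:
    """Per-user COM server entries worth a look, in file order, each with its reasons."""
    findings: List[Dict[str, str]] = []
    for key, values in parse_reg(hkcu_text).items():
        m = CLSID_KEY_RE.match(key)
        if not m:
            continue
        clsid, sub, server = m.group("clsid").lower(), m.group("sub"), values.get("@", "")
        reasons = []
        if sub.lower() == "scriptleturl":
            reasons.append("ScriptletURL: scrobj.dll runs a script as the COM server")
        elif not server.lstrip('"').lower().startswith(TRUSTED_PREFIXES):
            reasons.append("server path outside Windows/Program Files (or not fully qualified)")
        if clsid in hklm_clsids:  # HKCU wins over HKLM for the same CLSID
            reasons.append("HKCU entry shadows the HKLM registration of this CLSID")
        if reasons:
            findings.append({"clsid": clsid, "subkey": sub, "server": server, "reasons": "; ".join(reasons)})
    return findings

# Constructed HKCU export: an AppData DLL, a vendor DLL, a scriptlet, and a clean EXE server.
SAMPLE_HKCU = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Users\\victim\\AppData\\Roaming\\upd\\update.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Program Files\\Vendor\\vendor.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{33333333-3333-3333-3333-333333333333}\ScriptletURL]
@="http://127.0.0.1:8080/payload.sct"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{44444444-4444-4444-4444-444444444444}\LocalServer32]
@="\"C:\\Windows\\System32\\vendor.exe\" /embedding"
"""
# Constructed HKLM export; only its CLSID set is used, to spot per-user overrides.
SAMPLE_HKLM = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Windows\\System32\\vendor32.dll"
"""

def read_reg(path: str) -> str:
    """reg.exe writes UTF-16LE with a BOM; hand-edited files are usually UTF-8."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw.decode("utf-16" if raw.startswith(b"\xff\xfe") else "utf-8")

if __name__ == "__main__":
    hkcu = read_reg(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_HKCU
    hklm = clsids_in(read_reg(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_HKLM)
    for f in hunt_com_hijacks(hkcu, hklm):
        print(f"{f['clsid']} {f['subkey']} -> {f['server']}\n    {f['reasons']}")
```

On a real host: `reg export HKCU\Software\Classes\CLSID hkcu.reg` and `reg export HKLM\Software\Classes\CLSID hklm.reg`, then `python hunt_com.py hkcu.reg hklm.reg`; for other users' profiles export the matching `HKEY_USERS\<SID>\Software\Classes\CLSID` key instead, which the key pattern also accepts. The trusted-prefix list is deliberately strict, so a vendor that installs per-user into AppData will be flagged and has to be triaged by hand; the shadowing check is the strong signal, since a legitimate per-user component rarely overrides a CLSID that is already registered machine-wide.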

MITRE ATT&CK Enterprise v15

Tasks