netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

7z2408.zip
Size

3.6MB
Sample

241029-tq7p9svrdx
MD5

1c680d9ace4ca395e69c15c4e57dadbf
SHA1

a9b71953bb079676286777c22260fd2b3caaa0c7
SHA256

cf7d975451c33a4420874988e887085251db25ab0df3fdd8b83da69885cb4696
SHA512

690f3c8b0b3b1d7f9f0ace9161396e64aa024a1c1569a53a2a56b2d65dbb9f43e1569375efdf91e6a151e38dd43d5d5af41bd2b4de72730f8f3b49dadb84fbc5
SSDEEP

98304:Epowx4xhXFS4fUwqGCSEENOzeuAGrXnF6uolEz4ok:EpF4bFS6WSLNOuO872Q

Score

10^/10

Malware Config

Targets

- Target
  
  7z2408/7Zz.exe
- Size
  
  54KB
- MD5
  
  ecd18e8d01589119199a0334df4975e1
- SHA1
  
  c44e84675a79746f5f9868b7730f80156dd5f122
- SHA256
  
  0d191647a5b16a6f9521a16b0e262a3aea98537eeec94a542da9a812060160f1
- SHA512
  
  6231deb1a2d3d76723bfea2aa9710b14f4c447e6fe22fd9e1b97b79457a9f9fbaa2c8a713cd7580144313569820e4c46ee0c040a02aed411ad4e79781aad0eb1
- SSDEEP
  
  1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opg+o2:lImfzoXK9/o6A
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral1 behavioral2
- Target
  
  7z2408/7z2408-x64.exe
- Size
  
  1.5MB
- MD5
  
  0330d0bd7341a9afe5b6d161b1ff4aa1
- SHA1
  
  86918e72f2e43c9c664c246e62b41452d662fbf3
- SHA256
  
  67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
- SHA512
  
  850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1
- SSDEEP
  
  24576:UEBmEo1y9fcw5K42KmEDaMYAhr08oSG4OdWrfjcaHSNXJdx7wE9iko6qzLJmYYUP:UEvoo24xV2JJdPwMJ3x75z5q0jc/3
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  7z2408/AudioCapture.dll
- Size
  
  91KB
- MD5
  
  4182f37b9ba1fa315268c669b5335dde
- SHA1
  
  2c13da0c10638a5200fed99dcdcf0dc77a599073
- SHA256
  
  a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8
- SHA512
  
  4f22ad5679a844f6ed248bf2594af94cf2ed1e5c6c5441f0fb4de766648c17d1641a6ce7c816751f0520a3ae336479c15f3f8b6ebe64a76c38bc28a02ff0f5dc
- SSDEEP
  
  1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  7z2408/HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  2d3b207c8a48148296156e5725426c7f
- SHA1
  
  ad464eb7cf5c19c8a443ab5b590440b32dbc618f
- SHA256
  
  edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
- SHA512
  
  55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c
- SSDEEP
  
  6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  7z2408/PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  a0b9388c5f18e27266a31f8c5765b263
- SHA1
  
  906f7e94f841d464d4da144f7c858fa2160e36db
- SHA256
  
  313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
- SHA512
  
  6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd
- SSDEEP
  
  192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  7z2408/PCICL32.DLL
- Size
  
  3.5MB
- MD5
  
  ad51946b1659ed61b76ff4e599e36683
- SHA1
  
  dfe2439424886e8acf9fa3ffde6caaf7bfdd583e
- SHA256
  
  07a191254362664b3993479a277199f7ea5ee723b6c25803914eedb50250acf4
- SHA512
  
  6c30e7793f69508f6d9aa6edcec6930ba361628ef597e32c218e15d80586f5a86d89fcbee63a35eab7b1e0ae26277512f4c1a03df7912f9b7ff9a9a858cf3962
- SSDEEP
  
  49152:xOHDe5Yr6tYA4S+DjdwfwBTNZaZQclSpmTIH:xOHDe5YrvS+tBQSEm
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  7z2408/TCCTL32.DLL
- Size
  
  382KB
- MD5
  
  405a7bca024d33d7d6464129c1b58451
- SHA1
  
  22b64e211d96d773c510ac82e7a73f8debf4e4cd
- SHA256
  
  092c3ec01883d3b4b131985b3971f7e2e523252b75f9c2470e0821505c4a3a83
- SHA512
  
  3c8d4cbf377a8beb793c93b63d521ccd75167dec02da43bb91434cb6b0737ca2d61fa201f2825fd1a0ceaae768bb53d78f737e7c412aae83d3cdc748893f31e6
- SSDEEP
  
  6144:/0pwbUb486Yu0LIFZf4TktH4aY384az44lstAZPVJ4hPueU12jXvbJaS0T9XjJpX:8pwbUb48Ju0LIFZf4Tk2aY3FasNAZtJp
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  7z2408/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  7z2408/pcicapi.dll
- Size
  
  32KB
- MD5
  
  dcde2248d19c778a41aa165866dd52d0
- SHA1
  
  7ec84be84fe23f0b0093b647538737e1f19ebb03
- SHA256
  
  9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
- SHA512
  
  c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166
- SSDEEP
  
  768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  7z2408/remcmdstub.exe
- Size
  
  61KB
- MD5
  
  35da3b727567fab0c7c8426f1261c7f5
- SHA1
  
  b71557d67bcd427ef928efce7b6a6529226415e6
- SHA256
  
  89027f1449be9ba1e56dd82d13a947cb3ca319adfe9782f4874fbdc26dc59d09
- SHA512
  
  14edadceeceb95f5c21fd3a0a349dd2a312d1965268610d6a6067049f34e3577fc96f6ba37b1d6ab8ce21444208c462fa97fab24bbcd77059bc819e12c5efc5a
- SSDEEP
  
  1536:bJfanvXuN86jJ9hUHYBlXUYwT24a+yVwQ:lanPGjJTU4IYia+yVX
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Netsupport family

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20