General

  • Target

    Advanced_IP_Scanner_2.5.4594.12.exe

  • Size

    20.4MB

  • Sample

    241031-v69p8stjhj

  • MD5

    446c29d515104b6752c1e9da981d4e5e

  • SHA1

    d52760df6b22805a4470a6b2e72654ce36577f30

  • SHA256

    7b13496fb45b51e821771d63bbd1d503f07710f676481ff34962b051283d8033

  • SHA512

    c1ad4560b055f630fae3487f0914e8b486d985edc4cf987649e190e1f36fc2ca47044ba94822add92245886a8048890fdda8263651d58a34d6ca0e85a3a73804

  • SSDEEP

    393216:fTjU2t/X9E3JMUNccjPql0NbgVunl22V5v+w4lWKjEGZuv5:bjU2p9EZvNdjP6Kbaunldv+w4As7Zux

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
