General

  • Target

    CiscoSetup.exe

  • Size

    16.1MB

  • Sample

    241101-nj1qgs1akj

  • MD5

    91f7229586df2c577a54ad0d1a5bdcb1

  • SHA1

    938b4ddf983e035130a7fcbf0458c4f9d5b69ca5

  • SHA256

    80f7768cbf016ae16f5758e31d9eb2d277c0566654f05bad152ecbde6eb616e5

  • SHA512

    089ec05f751306b994eb1265245961c2f51b89679f4b70c08a0404fcfd7d6d6deec8133ee5f3f04e82d7272ec4c95bee3859fa9c74be0b96966c569fef258c0e

  • SSDEEP

    393216:PexFZAWTc+MZ3mOvSY6oDXtVVFOzWt8zLDVi:+AL+WmOvS9qDSzHzL0

Targets

    • Target

      CiscoSetup.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • NetSupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
