netsupport | 4cce281b08e8d22ecfd26f3ba3aed48a3c0178d4e1055d2e09761d74b87f5f31 | Triage

Sharing

General

Target

3c387c0db035c0c3185d6fbd1ab46bd1.bin
Size

20.0MB
Sample

241110-bk9zbsvqgw
MD5

fc066f90698f8a3bfcc898b8b71853df
SHA1

f7c0be857cbdf16a79ee5520375b206d0cf6e55d
SHA256

4cce281b08e8d22ecfd26f3ba3aed48a3c0178d4e1055d2e09761d74b87f5f31
SHA512

5909c494a96f9087050d543d39e2cb325eb75303cdba87f48f0b446006f364444b7feef7c7679d2d36896066a073aa6088cd94ed1acd8083e9de47c69ef812d9
SSDEEP

393216:Ke2PKpyUYYrAXf0dX7GaLOC3iCLLW4N0jI8g8VNrgX6PPZ/PETq42gkl/YnAPZ:l2oYYGf0dX7GaPtnPN0jIE/PZ0h2gkld

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  a1720d68eef7dc381a533fd8584a227db3dbcaed16098a0d7f31077f95355e8c.exe
- Size
  
  20.4MB
- MD5
  
  3c387c0db035c0c3185d6fbd1ab46bd1
- SHA1
  
  7b6e6212a6d13800282bd2cb362c2a311d89e543
- SHA256
  
  a1720d68eef7dc381a533fd8584a227db3dbcaed16098a0d7f31077f95355e8c
- SHA512
  
  a6e431c98cafaf3762d5d1d60ab337d4a002c0dd90ae830d6b513c97e333adc3bdf8ce70ad65d6149878fb48d94b762902038d44909b662603c6082997071e76
- SSDEEP
  
  393216:xrjU2t/X9E3JMUNccjPql0NbgVunl22V5v+8gDRmffwuvO:tjU2p9EZvNdjP6Kbaunldv+8ORmXwu2
Score

10^/10

discovery execution netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

netsupportdiscoveryexecutionpersistencerat