General

  • Target

    Update.txt

  • Size

    3.9MB

  • Sample

    241113-x9sbgaxme1

  • MD5

    4c91a837a94d9587967bc3fe040d65f0

  • SHA1

    f7aaadbcac1b324bcff44337af3c5aa4a20f1411

  • SHA256

    7b19538dcf6d4bb84590c458f09c5707c8db53a42861fa56533c49c1a3acd953

  • SHA512

    3a6e7a0e28830d8e7c16cb833743408c3453f0ff9fd0818671ccb50dd0ddf73dd0d3d7a9719b3826918aeaabe859eb36660b0d296ab81651dd2f2914ba5038b4

  • SSDEEP

    49152:OCz4F9dM2furCz4F9dM2fupCz4F9dM2furCz4F9dM2fuVCz4F9dM2furCz4F9dME:OkGgkG+kGgkGMkGgkG9

Targets

    • Target

      Update.txt

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
