netsupport | aec60777678b983d8ab99545478e0a91f40d220c59d477aaf8fac54b9effb55d | Triage

Sharing

General

Target

aec60777678b983d8ab99545478e0a91f40d220c59d477aaf8fac54b9effb55d.exe
Size

20.4MB
Sample

241120-p55f8sxeqp
MD5

ff3296e5993fc61ffd441df68838c1a1
SHA1

dfe647c95564ce37ec2423a31c2cba986796f73d
SHA256

aec60777678b983d8ab99545478e0a91f40d220c59d477aaf8fac54b9effb55d
SHA512

4c8ddcab21040eacb07d1c3d840230bbf414712bc44f8a4591ae539ffc55b601838d177340340b4c4f0c148c854c061f373990647e1e35336f0f9ba4f1f01f2c
SSDEEP

393216:xrjU2t/X9E3JMUNccjPql0NbgVunl22V5v+8gDRmffwuvu:tjU2p9EZvNdjP6Kbaunldv+8ORmXwuW

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  aec60777678b983d8ab99545478e0a91f40d220c59d477aaf8fac54b9effb55d.exe
- Size
  
  20.4MB
- MD5
  
  ff3296e5993fc61ffd441df68838c1a1
- SHA1
  
  dfe647c95564ce37ec2423a31c2cba986796f73d
- SHA256
  
  aec60777678b983d8ab99545478e0a91f40d220c59d477aaf8fac54b9effb55d
- SHA512
  
  4c8ddcab21040eacb07d1c3d840230bbf414712bc44f8a4591ae539ffc55b601838d177340340b4c4f0c148c854c061f373990647e1e35336f0f9ba4f1f01f2c
- SSDEEP
  
  393216:xrjU2t/X9E3JMUNccjPql0NbgVunl22V5v+8gDRmffwuvu:tjU2p9EZvNdjP6Kbaunldv+8ORmXwuW
Score

10^/10

discovery execution netsupport persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

netsupportdiscoveryexecutionpersistencerat