General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    241125-rcy5vswqbp

  • MD5

    a3cea314d888a08b79002656a9f4b927

  • SHA1

    396b9f96219785f0c80c69703dc623c23554affc

  • SHA256

    64356e6b4781925ef940695d869a826dc229e911919faf8729d8dfb34f31e61a

  • SHA512

    a279ce78302acb55f97181cf1bcd80982ca794995273af971c027fbb63b8ed7db14007ae0f84001d3a8b0502ca556cedb9ed4d6e95925bf853c2993f028b078d

  • SSDEEP

    49152:kDjlabwz9F+H1Zf8NNbTfvaw2EheBgtpsDf5Log8nUQkFG534txeqJ:0qwPk1ZfWhvcEhQGa178UnFdJ

Targets

    • Target

      file.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • NetSupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
