Overview

overview

10

Static

static

3

589f4a38b2...7N.exe

windows7-x64

10

589f4a38b2...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    589f4a38b2615f048bba788b1ea3bf0f4e2d12184e455d50152f01a387129f27N.exe

  • Size

    2.1MB

  • Sample

    241129-yycx3sykfq

  • MD5

    69fd541c0dea551111289a95a325b990

  • SHA1

    3710ee3600ae6f61ae72bef4517a1fece313fd8b

  • SHA256

    589f4a38b2615f048bba788b1ea3bf0f4e2d12184e455d50152f01a387129f27

  • SHA512

    f59082764136091da2ccd64813efd5d82bdde755fd4995d98b2709eec66b9a3eac36b90e5b322f79de4dfc292a1c14bd70ef685c1eb61f2a19050f9163f60b24

  • SSDEEP

    49152:ABfcw6NbHHBp7k5hh3k092+OIwgR3v5OOqbzb9eha:akwYt5ShpkNmwiZ2b

Score
10/10
netsupportdiscoverypersistencerat

Malware Config

Targets

    • Target

      589f4a38b2615f048bba788b1ea3bf0f4e2d12184e455d50152f01a387129f27N.exe

    • Size

      2.1MB

    • MD5

      69fd541c0dea551111289a95a325b990

    • SHA1

      3710ee3600ae6f61ae72bef4517a1fece313fd8b

    • SHA256

      589f4a38b2615f048bba788b1ea3bf0f4e2d12184e455d50152f01a387129f27

    • SHA512

      f59082764136091da2ccd64813efd5d82bdde755fd4995d98b2709eec66b9a3eac36b90e5b322f79de4dfc292a1c14bd70ef685c1eb61f2a19050f9163f60b24

    • SSDEEP

      49152:ABfcw6NbHHBp7k5hh3k092+OIwgR3v5OOqbzb9eha:akwYt5ShpkNmwiZ2b

    Score
    10/10
    netsupportdiscoverypersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks