netsupport

Resubmissions

04-12-2024 04:28

241204-e3ta3sxlep 1

04-12-2024 03:02

241204-djgmhatpdm 1

04-12-2024 02:46

241204-c9ep6axpg1 10

Sharing

Copy URL

Twitter E-mail

General

Target

yyy.zip
Size

2.8MB
Sample

241204-c9ep6axpg1
MD5

a9cb224f62e40601a10af5824a331248
SHA1

1ce3c4fdedf57af3994b4625d43304861a3e13ec
SHA256

c0adaa84600a272780e9937a647329dca67e6c004f5b58098139af09fc2e7b1c
SHA512

269182c309bdfaae0878708bf539db4cebba8e5c09a528b54c89c1a5a80771e53bf1e8d0b9b5952e3c2ae2906600a4929014dba501f973c01f9652bd78cbd564
SSDEEP

49152:Ylz3lEDThXBJOhHcx6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRpykTS098:aGFXamhRFY89YYc9jh23redpmQRl1ZGv

Score

10^/10

Malware Config

Targets

- Target
  
  yyy.zip
- Size
  
  2.8MB
- MD5
  
  a9cb224f62e40601a10af5824a331248
- SHA1
  
  1ce3c4fdedf57af3994b4625d43304861a3e13ec
- SHA256
  
  c0adaa84600a272780e9937a647329dca67e6c004f5b58098139af09fc2e7b1c
- SHA512
  
  269182c309bdfaae0878708bf539db4cebba8e5c09a528b54c89c1a5a80771e53bf1e8d0b9b5952e3c2ae2906600a4929014dba501f973c01f9652bd78cbd564
- SSDEEP
  
  49152:Ylz3lEDThXBJOhHcx6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqRpykTS098:aGFXamhRFY89YYc9jh23redpmQRl1ZGv
Score

1^/10
behavioral1
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  c94005d2dcd2a54e40510344e0bb9435
- SHA1
  
  55b4a1620c5d0113811242c20bd9870a1e31d542
- SHA256
  
  3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899
- SHA512
  
  2e6f673864a54b1dcad9532ef9b18a9c45c0844f1f53e699fade2f41e43fa5cbc9b8e45e6f37b95f84cf6935a96fba2950ee3e0e9542809fd288fefba34ddd6a
- SSDEEP
  
  6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
Score

3^/10

discovery
behavioral2
- Target
  
  Logo.png
- Size
  
  27KB
- MD5
  
  7fd31ab02a460425b02424d88516e231
- SHA1
  
  69d6c2e823eb4a4b4714e3e454316cca6465ed9e
- SHA256
  
  d5ff2f45dd0e5cdc6fbffd3f5fa9098676d46f8aafd74d6d52d298231d6dc394
- SHA512
  
  c02b3a0b99d426ab2b37fd6a97b0f72624622d71af7f923e2057ca533b58cefb006f2562ea7554031fc5eaa779e748918ecf2029779e80a1b73332637c63bab8
- SSDEEP
  
  768:JpJTH80OiNAR+xnHYKHgHgOwy8B+Om0LOu6:JphLNO+nlx3N0/0LZ6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3
- Target
  
  LogoBeta.png
- Size
  
  23KB
- MD5
  
  550183b3229a2868fe3b6bfd87b2f526
- SHA1
  
  a90239bfb7562b868d4a60981c146ec4e12f98d1
- SHA256
  
  d172d5ce446919158db1c30a2dc2e215112ae6ec0611ddc3df99476cacf0f16d
- SHA512
  
  d3384c5e0d3a51f720b76eddf05dbe5e9de75cca821521a5ecef0ecdc3ee6a19f1584984aaee136c97afe5adac13e73dceab9e76174c7bad4b330b0f8756fff3
- SSDEEP
  
  384:9gKFm8g2PHDR3WylvbEB7XbcQCTJ5z1I1LEdJyfGB3jCLv6zSoHvA+ln8ew:95FF/vD8CakQCJXI1GJzjSISew
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4
- Target
  
  LogoCanary.png
- Size
  
  27KB
- MD5
  
  ef8a81d1e1070f20ce809cca75588612
- SHA1
  
  2eb8ca5797859d8f6642878215f5a89887964f1c
- SHA256
  
  6f2f599bc3e34e11072ce7ddbab2d484371563f0bc79de785df075db5e17ae1b
- SHA512
  
  7e94a94b30ce3657d6fd0f4f6078e01c655e13a0b8bce4b0331eb7d50ff2639dad578c059ea5804aa60cd0f7bf181f46cfc9e5a7755405769139065b7bc2b444
- SSDEEP
  
  384:ZbN1yJ4veZSqzz3j9THvHCbH+vZM+WP6LwYq4vRQyd5nRTl/XjtSRRUnbKYVbKmI:ZbNa4S9lrfZM+Gmj7nR5/XPnbFVbZ2V
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5
- Target
  
  LogoDev.png
- Size
  
  23KB
- MD5
  
  b8f553fbd3dc34b58bc77a705711023d
- SHA1
  
  4ab1052f906fda96f877e398426da5646574c878
- SHA256
  
  2761c60263a2919b856915bdd2a0604b7f0e56e59d893ab13cccef2b7c967229
- SHA512
  
  15a1df0dbb06b4bb64a2b8cd7ad22578292d5ecdec64303350e027f9f87fa8a825cb1cc97f94862d8c235c85b0c79a4feabfb89d9e0b77be62aab25785122a60
- SSDEEP
  
  384:qSVmAf6Ft8Itb+e2b9tdTwEy9kXs6vWZZCbiXSeEO/12Hb40yrWSbN8qtA:qImAfe7gx3y6MZC2CeV2747zbN8
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral6
- Target
  
  NSM.LIC
- Size
  
  195B
- MD5
  
  e9609072de9c29dc1963be208948ba44
- SHA1
  
  03bbe27d0d1ba651ff43363587d3d6d2e170060f
- SHA256
  
  dc6a52ad6d637eb407cc060e98dfeedcca1167e7f62688fb1c18580dd1d05747
- SHA512
  
  f0e26aa63b0c7f1b31074b9d6eef88d0cfbc467f86b12205cb539a45b0352e77ce2f99f29baeab58960a197714e72289744143ba17975699d058fe75d978dfd0
Score

3^/10
behavioral7
- Target
  
  NSM.ini
- Size
  
  6KB
- MD5
  
  88b1dab8f4fd1ae879685995c90bd902
- SHA1
  
  3d23fb4036dc17fa4bee27e3e2a56ff49beed59d
- SHA256
  
  60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92
- SHA512
  
  4ea2c20991189fe1d6d5c700603c038406303cca594577ddcbc16ab9a7915cb4d4aa9e53093747db164f068a7ba0f568424bc8cb7682f1a3fb17e4c9ec01f047
- SSDEEP
  
  96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
Score

1^/10
behavioral8
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  104b30fef04433a2d2fd1d5f99f179fe
- SHA1
  
  ecb08e224a2f2772d1e53675bedc4b2c50485a41
- SHA256
  
  956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd
- SHA512
  
  5efcaa8c58813c3a0a6026cd7f3b34ad4fb043fd2d458db2e914429be2b819f1ac74e2d35e4439601cf0cb50fcdcafdcf868da328eaaeec15b0a4a6b8b2c218f
- SSDEEP
  
  192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
Score

3^/10

discovery
behavioral9
- Target
  
  PCICL32.DLL
- Size
  
  3.6MB
- MD5
  
  d3d39180e85700f72aaae25e40c125ff
- SHA1
  
  f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15
- SHA256
  
  38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5
- SHA512
  
  471ac150e93a182d135e5483d6b1492f08a49f5ccab420732b87210f2188be1577ceaaee4ce162a7acceff5c17cdd08dc51b1904228275f6bbde18022ec79d2f
- SSDEEP
  
  49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
Score

3^/10

discovery
behavioral10
- Target
  
  TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  2c88d947a5794cf995d2f465f1cb9d10
- SHA1
  
  c0ff9ea43771d712fe1878dbb6b9d7a201759389
- SHA256
  
  2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e
- SHA512
  
  e55679ff66ded375a422a35d0f92b3ac825674894ae210dbef3642e4fc232c73114077e84eae45c6e99a60ef4811f4a900b680c3bf69214959fa152a3dfbe542
- SSDEEP
  
  12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
Score

3^/10

discovery
behavioral11
- Target
  
  cAlient32.ini
- Size
  
  361B
- MD5
  
  5d270b8ddcedf2b95c83b6824fbf9aa0
- SHA1
  
  24e9c2d60951b87710c6e6c9572001be57c3e6bc
- SHA256
  
  903367aa75a70cfb9d6ac0d985c11a7c7dfbf8c57f480820e869dbeefbcf3363
- SHA512
  
  8464d9f3582fcf3312e0f6c8157e56e10fd4651e1e1c8e5240465f44f7cddb70465f50ec6cd40d7c27892d6bddb7e519de5179f5fa17927c359f2ae669e347a3
Score

1^/10
behavioral12
- Target
  
  client32.exe
- Size
  
  101KB
- MD5
  
  c4f1b50e3111d29774f7525039ff7086
- SHA1
  
  57539c95cba0986ec8df0fcdea433e7c71b724c6
- SHA256
  
  18df68d1581c11130c139fa52abb74dfd098a9af698a250645d6a4a65efcbf2d
- SHA512
  
  005db65cedaaccc85525fb3cdab090054bb0bb9cc8c37f8210ec060f490c64945a682b5dd5d00a68ac2b8c58894b6e7d938acaa1130c1cc5667e206d38b942c5
- SSDEEP
  
  768:q78j0+RH6e6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDU:qwpHLiLniepfxP91/bQxnu
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral13
- Target
  
  client32.ini
- Size
  
  671B
- MD5
  
  1f3911aa581f74218174a75d1d44aebe
- SHA1
  
  67cac52f8457c77a93338109d6615145d1148e17
- SHA256
  
  010dc2cdbdbca9199aca04a93165259b48bbacaafd142d0597e2b168b0c7809e
- SHA512
  
  c5d825bcd2c44f8e83ef1b3a0f185f93c23e365cff55051231c676fc5b68dbf50ef7a6a466e1b2fd3b3c942b68270207e08eb18aba04e768226419c8054ad30f
Score

1^/10
behavioral14
- Target
  
  ie_to_edge_bho.dll
- Size
  
  438KB
- MD5
  
  c071066e7ea9074f7e951f0f1c9faa9a
- SHA1
  
  921bd559e21cbc720dd1e7ab539dc5ce6b676de3
- SHA256
  
  9f87977f94a8c48f143af8401845a839484ac0cb58847a693cbb7809c846496f
- SHA512
  
  c436b2e4f0e39896a548b12eb6294f38197da7099b712f07fa5b4f44d95b94ab3bc8b1182e4769538a42bdb65931ab94f5ff09650df4cfb13ea3dd30e4becda7
- SSDEEP
  
  6144:PB5DwLKugywR+FnkGMIj4fr2YOy+FI6TXezQhE41OqBPaOk7rVj:PBZwLGQ5yOy+FI6TzBPW
Score

3^/10

discovery
behavioral15
- Target
  
  ie_to_edge_bho_64.dll
- Size
  
  561KB
- MD5
  
  c8b97c8af7c0d95242a90528050c2c0b
- SHA1
  
  617b9519db8af27eaa8bdb1287c15f648e9d36af
- SHA256
  
  487d9995f0fa52154be24c422e74488a059c46b8e9e21e8a751d7d76ab632975
- SHA512
  
  33242667f3f59d12f3f4a965f57552981513566dd273869be3a48bca5ad93d18d90261f5752f8ab8b1f801dd59e28deb2787f1bb03a813e16c88e8830bf1d3c8
- SSDEEP
  
  6144:tak4zUeoZs4TB8D3qQAtoOk9SkxDgo5B8+ivLOLwR8Ph4ofUmJO6+vvLgAsY:tj44o4t8DaH/+SkbQv6LwR8PhAmJO63W
Score

1^/10
behavioral16
- Target
  
  install_state.json
- Size
  
  1KB
- MD5
  
  3f78a0569c858ad26452633157103095
- SHA1
  
  8119bcc1d66b17ccd286fef396fa48594188c4d0
- SHA256
  
  d53fc339533d39f413ddd29a69ade19f2972383db8fb8938d77d2e79c8573f36
- SHA512
  
  89842e39703970108135d71ce4c039df19c18f04c280cb2516409758f9d22e0205567b08dbe527a6fb7c295bda2ea8ee6a368d6fcaf6fb59645d31ef2243ad3d
Score

3^/10
behavioral17
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral18
- Target
  
  nskbfltr.inf
- Size
  
  328B
- MD5
  
  26e28c01461f7e65c402bdf09923d435
- SHA1
  
  1d9b5cfcc30436112a7e31d5e4624f52e845c573
- SHA256
  
  d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368
- SHA512
  
  c30ec66fecb0a41e91a31804be3a8b6047fc3789306adc106c723b3e5b166127766670c7da38d77d3694d99a8cddb26bc266ee21dba60a148cdf4d6ee10d27d7
Score

1^/10
behavioral19
- Target
  
  nsm_vpro.ini
- Size
  
  46B
- MD5
  
  3be27483fdcdbf9ebae93234785235e3
- SHA1
  
  360b61fe19cdc1afb2b34d8c25d8b88a4c843a82
- SHA256
  
  4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b
- SHA512
  
  edbe8cf1cbc5fed80fedf963ade44e08052b19c064e8bca66fa0fe1b332141fbe175b8b727f8f56978d1584baaf27d331947c0b3593aaff5632756199dc470e5
Score

1^/10
behavioral20
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  34dfb87e4200d852d1fb45dc48f93cfc
- SHA1
  
  35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641
- SHA256
  
  2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703
- SHA512
  
  f5bb4e700322cbaa5069244812a9b6ce6899ce15b4fd6384a3e8be421e409e4526b2f67fe210394cd47c4685861faf760eff9af77209100b82b2e0655581c9b2
- SSDEEP
  
  768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
Score

3^/10

discovery
behavioral21
- Target
  
  remcmdstub.exe
- Size
  
  62KB
- MD5
  
  6fca49b85aa38ee016e39e14b9f9d6d9
- SHA1
  
  b0d689c70e91d5600ccc2a4e533ff89bf4ca388b
- SHA256
  
  fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814
- SHA512
  
  f9c90029ff3dea84df853db63dace97d1c835a8cf7b6a6227a5b6db4abe25e9912dfed6967a88a128d11ab584663e099bf80c50dd879242432312961c0cfe622
- SSDEEP
  
  1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
Score

3^/10

discovery
behavioral22
- Target
  
  temp/5B8FEB2AF817493Es
- Size
  
  26KB
- MD5
  
  a520c99edc6ebb569b7f4e2eaebbad62
- SHA1
  
  55eaf3a8355c00d5ef66e65711a05cf05c528117
- SHA256
  
  7dfba62da55af1b00eeb3b042ae3a5323dc47c78d0fc2e4be4c5ac19f3d1be94
- SHA512
  
  476d2c8f90d6514724bf52d31e974298a6a566eb3dbff0e26652e0995c2d6789d4c3a1790b5f24794a38cf649b50156665d3fe3daede4c39c56613416dbafdab
- SSDEEP
  
  768:LqbhOh7bZl2Nk9QoiC7/NoZDFGlY8TSSED:Ih7MQoiC7/CZxHX
Score

1^/10
behavioral23
- Target
  
  temp/5F3010ACA99103ABs
- Size
  
  76KB
- MD5
  
  34752a887009eda64f252b3fb0742e1a
- SHA1
  
  faa07029b397d78a46255e86e166613b1051169a
- SHA256
  
  b6f2136a31b769f25c437870cea8efcfd07e38a2043dbad8ed191afcec8c8684
- SHA512
  
  72980f1ac33ef78c04545f48c85c631dad91ec4c7a1aedc9c0b0e72d2be6dfd7835708d0d04371ef9b6a8eb5eb1135a0a1c46b67eaed616b081e0b95ae4d0026
- SSDEEP
  
  1536:qiLXP9fo7qV/k0oJ7oNuRQoChKi8e/fpucJKdPN/z3Xe29GyK:qiL1o7qJkFoURjenpucJ6/z+29GyK
Score

1^/10
behavioral24
- Target
  
  temp/6D746DDFF1121E0Fs
- Size
  
  156B
- MD5
  
  52750472d977dae7b9a1c0e587ee3e85
- SHA1
  
  611e64b2f0148c7427a019fd35353957de9ddf9a
- SHA256
  
  7513501a31669f19b5311088d526d6a8e844dffccb9ea6d319e6f71c58298eec
- SHA512
  
  e5487f374caf369b89496756cefde56a3e62bf9dbe1484e71723c0993b828845b2f4c31edc9020b9812f294c972319528faa598c4d5e90e1afc87b3243f4d4ba
Score

1^/10
behavioral25
- Target
  
  temp/8C071BA874B720F3s
- Size
  
  8KB
- MD5
  
  309f8bce98c7817958ee879032e1e2d2
- SHA1
  
  0a9502655504fba12668121c800eda9b31993c60
- SHA256
  
  6d8118143385273472ba114b0443a7b853f49589751454d55b92008ae1bbff83
- SHA512
  
  e8c05a47dbf4d588991dab47ea98cd25d3a74c599929cf8973656aaf83ae2e5b5b4383284d20b5f526424a0f95d487672631acb93ebb612c7d7700ea2450ff1e
- SSDEEP
  
  192:OrmteM+7guCfj960jYc7cu8f/aAmZxaGlRO4NiLf2Gg3:+lguC5cuTAJGlRv4fNg3
Score

1^/10
behavioral26
- Target
  
  temp/quit_2.ico
- Size
  
  1KB
- MD5
  
  cf7a50a53e98a83f59afa2c605126a34
- SHA1
  
  39ce4058caf1fbecca3661bb5167f5fe7825da01
- SHA256
  
  6f1c7082e5d786e1d6da082333a00cf6f0105d976877afd2c39e40bf84be640a
- SHA512
  
  312fdedac9538c40ff22f8819cefd0d9ca46009c3bb79970d2c912de0ab18039d335a5f6d146632d8ab06b3e1e99862ab0ca448e05a78648f177f6f4e660463b
Score

3^/10
behavioral27

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Netsupport family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27