General
-
Target
35521c71fb7dcd061744b77acaac772e88c80045fed4fc7d47f5f8de91ff5602
-
Size
1.6MB
-
Sample
241206-sgesfstjfx
-
MD5
8b608f76d96fdb023897903248c2844b
-
SHA1
cd13e266c4521acd741dfe668d3ed15775e6ee06
-
SHA256
35521c71fb7dcd061744b77acaac772e88c80045fed4fc7d47f5f8de91ff5602
-
SHA512
c97648de537a8f4c659bc3bf4d95adfa04ee198905d59d530dea7a5b25f32f37d1ed061ab08cec2ecc8729ea7b31c17caa836d2f320c135f21b4be7cac95039e
-
SSDEEP
24576:QH6f+N8pp5mZoIiKTjgENLRiZgFFgXZ8LNKlw3nTauKHr3ibB4esrC4kPdjBtgsB:pf/QoI9jgSLRiZ2DNfGu743u47360P2
Static task
static1
Behavioral task
behavioral1
Sample
tripmaintenancepro/tripmaintenancepro.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
tripmaintenancepro/tripmaintenancepro.exe
-
Size
1.7MB
-
MD5
7f91ddd975877939aa1ac1dd56b71d98
-
SHA1
a7e9616647b0cbd94d7baba3a63e59006d4332e3
-
SHA256
82d01b3795167ccb4f5dd684d067039a3ccb9ad5437990bd79c63e57a6c7cf31
-
SHA512
a0fe2f5b3eb7048d5cb3a8da5fd573ea99d1aa17dc430f1e77e3c93f7424f041f155a13bac5ab78c74b6b68be02d217c3acee6e8c4fc722f03d4d4b1d4491d52
-
SSDEEP
49152:ojFr/QWeljgmLNiZGXTNPuUSXcVB5K3Lb8:43eljzUYXZPscVW3
Score
10/10
-
NetSupport
NetSupport is a remote access tool sold as legitimate system administration software.
-
Netsupport family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)