General
-
Target
5dd4a822034679a3827712848e2c674e01626de2fbacd569b20c634efb45f7be.exe
-
Size
1.7MB
-
Sample
241207-c6zwxs1qas
-
MD5
f411f07437db9f29222e19af93f72906
-
SHA1
7ec2b1590b1f2670c1c04c1b9f2d1d021c589a84
-
SHA256
5dd4a822034679a3827712848e2c674e01626de2fbacd569b20c634efb45f7be
-
SHA512
4d63eb0f41c75f5cebbdededbd2a774499db5fe6de419b6b03be789fe8048beeb01bba753a519ecd50d9dcb13c95002b75898fbbf95a8b02e590eef14f1b4bab
-
SSDEEP
49152:zj+INBqrisJUKUgfRaAyL4swER2EpFC5K:lNkr1fRM9R2+
Malware Config
Targets
-
-
Target
5dd4a822034679a3827712848e2c674e01626de2fbacd569b20c634efb45f7be.exe
-
Size
1.7MB
-
MD5
f411f07437db9f29222e19af93f72906
-
SHA1
7ec2b1590b1f2670c1c04c1b9f2d1d021c589a84
-
SHA256
5dd4a822034679a3827712848e2c674e01626de2fbacd569b20c634efb45f7be
-
SHA512
4d63eb0f41c75f5cebbdededbd2a774499db5fe6de419b6b03be789fe8048beeb01bba753a519ecd50d9dcb13c95002b75898fbbf95a8b02e590eef14f1b4bab
-
SSDEEP
49152:zj+INBqrisJUKUgfRaAyL4swER2EpFC5K:lNkr1fRM9R2+
Score10/10-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1