Overview

overview

10

Static

static

3

d5f5204efc...f9.exe

windows7-x64

3

d5f5204efc...f9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5f5204efc969b0a9a132413c637f09bce02cff7ea932c504d418e80265158f9.exe

  • Size

    4.9MB

  • Sample

    241210-jsnp3avkfn

  • MD5

    ecfdde187846c27fef59c61d42d474b3

  • SHA1

    25d35ff7f5c38626bd77b5cd9fed849fd1186499

  • SHA256

    d5f5204efc969b0a9a132413c637f09bce02cff7ea932c504d418e80265158f9

  • SHA512

    08ac6368aa2857c6201b6812d4adffb7e690f16750bc7b39b3116076fec10aa716c4a868afe9310984ad94f71e65df91fe813ed415f0deee562ceeaf4f800f5e

  • SSDEEP

    98304:HZVS4lyfvsVqltyD5DhADNlXQ2orLmKeLDCVvANLA1pOuI8F7fqLmLhPR6x7:OkPD52

Score
10/10
netsupportdiscoveryrat

Malware Config

Targets

    • Target

      d5f5204efc969b0a9a132413c637f09bce02cff7ea932c504d418e80265158f9.exe

    • Size

      4.9MB

    • MD5

      ecfdde187846c27fef59c61d42d474b3

    • SHA1

      25d35ff7f5c38626bd77b5cd9fed849fd1186499

    • SHA256

      d5f5204efc969b0a9a132413c637f09bce02cff7ea932c504d418e80265158f9

    • SHA512

      08ac6368aa2857c6201b6812d4adffb7e690f16750bc7b39b3116076fec10aa716c4a868afe9310984ad94f71e65df91fe813ed415f0deee562ceeaf4f800f5e

    • SSDEEP

      98304:HZVS4lyfvsVqltyD5DhADNlXQ2orLmKeLDCVvANLA1pOuI8F7fqLmLhPR6x7:OkPD52

    Score
    10/10
    discoverynetsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks