netsupport | 6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0 | Triage

Sharing

General

Target

6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0.exe
Size

1.1MB
Sample

241210-jsnp3avkfp
MD5

aedf7f67cf6d7f8ef348ba681046fe51
SHA1

707ac1c67e2d569613c1b5cc3f809d6bd3cddc26
SHA256

6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0
SHA512

83297d6611b3c168952c700a10fcca736fe96205298a81eb4d21523b260f933b41f71f4fc9da41b60098d0687d822be6a93b3b29caf692bfaa32e1762a392a01
SSDEEP

24576:WDXXsCAM4OF+PMwrSVlbmfDYkhDvGtjXtGUAF9kJ7MqudghfEuCj0hThiHHxlhVV:WDXtMw5pwkJ

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0.exe
- Size
  
  1.1MB
- MD5
  
  aedf7f67cf6d7f8ef348ba681046fe51
- SHA1
  
  707ac1c67e2d569613c1b5cc3f809d6bd3cddc26
- SHA256
  
  6ba3976f8956dceb2903dc89b9b66c3d81ceb93566b6244b58c4929a454815c0
- SHA512
  
  83297d6611b3c168952c700a10fcca736fe96205298a81eb4d21523b260f933b41f71f4fc9da41b60098d0687d822be6a93b3b29caf692bfaa32e1762a392a01
- SSDEEP
  
  24576:WDXXsCAM4OF+PMwrSVlbmfDYkhDvGtjXtGUAF9kJ7MqudghfEuCj0hThiHHxlhVV:WDXtMw5pwkJ
Score

10^/10

discovery netsupport rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportdiscoveryrat