netsupport | 32a828e2060e92b799829a12e3e87730e9a88ecfa65a4fc4700bdcc57a52d995 | Triage

Sharing

General

Target

32a828e2060e92b799829a12e3e87730e9a88ecfa65a4fc4700bdcc57a52d995.zip
Size

2.1MB
Sample

241211-cvh42a1nh1
MD5

9e44715645e849a48e186649ef8f08ce
SHA1

e4fc1195616420cd63fce11d5a229f4602573327
SHA256

32a828e2060e92b799829a12e3e87730e9a88ecfa65a4fc4700bdcc57a52d995
SHA512

e1adea7734a6ffe0f886a2494ba69ed3cb8c2d7b0d4dcc7f6fa25d8963701265cde880629ba4b46e29e2ce49e9d06bc2fb59c129604a6c36f7cc0311a6aeeb2f
SSDEEP

49152:05PWZ5FvcBwolIVIW8MUSgCHGRzevMMiwEGYt1/2r9BcP7bbp7lVu:+P+Uw4IVIWGSgCHGlSMMDm/2EDvlbu

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  AudioCapture.dll
- Size
  
  91KB
- MD5
  
  4182f37b9ba1fa315268c669b5335dde
- SHA1
  
  2c13da0c10638a5200fed99dcdcf0dc77a599073
- SHA256
  
  a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8
- SHA512
  
  4f22ad5679a844f6ed248bf2594af94cf2ed1e5c6c5441f0fb4de766648c17d1641a6ce7c816751f0520a3ae336479c15f3f8b6ebe64a76c38bc28a02ff0f5dc
- SSDEEP
  
  1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  2d3b207c8a48148296156e5725426c7f
- SHA1
  
  ad464eb7cf5c19c8a443ab5b590440b32dbc618f
- SHA256
  
  edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
- SHA512
  
  55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c
- SSDEEP
  
  6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  a0b9388c5f18e27266a31f8c5765b263
- SHA1
  
  906f7e94f841d464d4da144f7c858fa2160e36db
- SHA256
  
  313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
- SHA512
  
  6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd
- SSDEEP
  
  192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  PCICL32.DLL
- Size
  
  3.5MB
- MD5
  
  d16ffa06a35601a73b73836bf905ed19
- SHA1
  
  b8231d36f921e5b75b592ea3374f19216a5c411f
- SHA256
  
  80cc439a0633add1dd964bb6bb40ccdcfec3ae28da39fd9416642ab0605d40ab
- SHA512
  
  e79b8cfbdd4d86742420a334ab6e0d70bcd3393ab8b07ae6d49ec435aef2bcbd07681774ac7e66eca41c11aa086b398440f74f0b1b77087aa2c18b76c6f3a168
- SSDEEP
  
  49152:XQ8QqFfxm8YV0J05xlibLK2MTc/aBcOSENPsP:XQ8LFfxg5xkL18Se6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  60aea67e2659e1961369e04185c61adf
- SHA1
  
  3a786618a4bb174d7cabd2a4c44a3648155288b9
- SHA256
  
  8fd7f3eb1882755a8c5ba998409b20b240aed8ec025629b1679ea288ec2ae8aa
- SHA512
  
  9680ec392e3b3d887ba740d5bf50d4b73731128b91973a68d79362dd7eb7495aa0eedb8fdb954f6ce1c6d132b024fd67bac589f2fa2b2cdcc9565afeac5c9970
- SSDEEP
  
  12288:FpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNc:tpq7BaGIn4BbLneNc
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  client32.exe
- Size
  
  33KB
- MD5
  
  290c26b1579fd3e48d60181a2d22a287
- SHA1
  
  e4c91a7f161783c68cf67250206047f23bd25a29
- SHA256
  
  973836529b57815903444dd5d4b764e8730986b1bd87179552f249062ee26128
- SHA512
  
  114a9f068b36a1edf5cce9269057f0cc17b22a10cd73cbed3ef42ae71324e41363e543a3af8be57b410c533b62bcf7f28650b464cce96e0e6c14819cdb90129a
- SSDEEP
  
  192:7SVVGg84ZVe9LQTsZ98A2QakMnCaJN8TvyowJL/8Qpkqs1I1jw+ebCfaFLrWn:7yIwamdkjy8bYJLu1SmbCShrWn
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral11 behavioral12
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  dcde2248d19c778a41aa165866dd52d0
- SHA1
  
  7ec84be84fe23f0b0093b647538737e1f19ebb03
- SHA256
  
  9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
- SHA512
  
  c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166
- SSDEEP
  
  768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  remcmdstub.exe
- Size
  
  71KB
- MD5
  
  a0692e92f906639ca1816af18f89b681
- SHA1
  
  77f05ceb702eb6f2882637523b26ba61914cc89d
- SHA256
  
  397fba98ec417b1381040ff1ab40eccc41e40eca1bf2ee9b809814e5c2846e1a
- SHA512
  
  242276b00609262ac10941db476a5342c5c885a9b504d1e12a87b38baea6327ac842dfd93a8751133692c3731651048d3145eb31e0d486e9801b3fa248b34742
- SSDEEP
  
  1536:+fanvXuNOwphKuyUHTqYXHhrXH4xLIyqxouj5CdnTrioQ+fTmCj5CdnTiwQ+8iA:YanPSpAFUzt0xLIyqhj5CdnTrBT5j5CK
Score

3^/10

discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

netsupportdiscoveryrat

behavioral12

netsupportdiscoveryrat

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18