netsupport | b9d952eef7130898801157705ec6214c676c060c9bb8308c7d7de2a620f0e738 | Triage

Sharing

General

Target

b9d952eef7130898801157705ec6214c676c060c9bb8308c7d7de2a620f0e738.zip
Size

2.0MB
Sample

241212-c52zwsxpdw
MD5

114b1b64ddb412474af49e5bc724e28e
SHA1

8f78c9215f43779e61dbe80878a859436313b8e8
SHA256

b9d952eef7130898801157705ec6214c676c060c9bb8308c7d7de2a620f0e738
SHA512

349e04a6f784cb280a018ed6bec259c2d9efbbc163c06f6fc9ff827cf5f9d624d3ae70ca5f2b242b4c3b0a7502c54e64753d70cee26a5e425a1f1db5e2a8aeba
SSDEEP

49152:zeyM75q5Kqr2YyNgvHGpnkVdlc5r0np5dO2TlLGxBxWBNKmRDMjX2KPDI:zA5+5yNZGVDxDdOLBxWB1RDpK8

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  audiocapture.dll
- Size
  
  90KB
- MD5
  
  192dcc30c09f0cb973997aebdb2efcfc
- SHA1
  
  3fa0efddd92dc65ea3ad8ede4af35c89cbe393c5
- SHA256
  
  dd305100644d07d73d3391456a7a90d838f12be560b9a04ef6b393d603d7d877
- SHA512
  
  3f47aceb63cfde1668ea25b1d48a108b4a54923dc3fa8f7afed1cca15ec980dbe780273a39c22fd6c1e104b429c93633009c425f6cc0ef09b5cde17fba08ecc6
- SSDEEP
  
  768:ZrOxYZwDgyfoVD/Ksdl0R8rKZEmU2ffE7CdmW1B1jvmhxccp2+vHxRpPfPtJNvbq:ZrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnq
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  client32.exe
- Size
  
  98KB
- MD5
  
  d32f43945107b3f64ed88bd43d4246f0
- SHA1
  
  478eb64efbfea6f647d20b103ff35ec57201dc2f
- SHA256
  
  7ca6bda5b00c39bdcf5868070a03084e235735e6c950be147c95c15588c45f44
- SHA512
  
  8cb22bd8a64dad444051b59fe89835e5cb251ec32b19c0b36903f7c027856a7adeb95f8563dd3851b7919c16ec3227023aaef7c2cbfe715d7a1fc5c3be6c73ed
- SSDEEP
  
  768:q5HeEYjB9aFIrdXrY/TEqMVnYYEFw72r5Yafi:qgF9qEGMVntf
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral3 behavioral4
- Target
  
  htctl32.dll
- Size
  
  315KB
- MD5
  
  c0707cae9904c2022fd1fbaa94bbbba2
- SHA1
  
  8b2116f82abbe4f69c4522f7099ddeacbe18884c
- SHA256
  
  e2daacb11dde2ef717394e9192760fde16b24276fc054357a647b0265b177186
- SHA512
  
  c88416cb59a6bbaf734d310a4441421756fdb2ed489d67c92faa5df7004f18b8cc867660c51fbd121a9722f1276c87abf0906a5566860afd92963e67ee03c417
- SSDEEP
  
  6144:zLMJoLcA0g0aB+PZO9Bpva8l3O0fGAicHxWBJaY5HlDlhHtpbSnV30pudxMEZJZ:zLMJoLcAvBaY489pfGAicoBoY5FDlhNI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  pcicapi.dll
- Size
  
  33KB
- MD5
  
  adcd0efb2b7fbb0c1b350f63bf6f4928
- SHA1
  
  43f9f056cb4d9d35f83adf65e57628895ff27634
- SHA256
  
  f770b67a8d1d73af4022a1edbbbb0885884c82e1cfa3abccb13fd046d2e277a0
- SHA512
  
  2ace2ad8d1b0316e9252936c3404224144c598d4bea95386184f02dfead562a4eec483208f71e70b6f870a20357eeb3c9eecabab6d107af5380f3bc9ffad9cc1
- SSDEEP
  
  768:JDxJCw72OkRIStu7EQzsTDLoHin+oIZ0rrNaBi:JDxYK2JtW/zsTDlvIZ0
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  pcichek.dll
- Size
  
  17KB
- MD5
  
  8bc70bdd438ba6319924b01b5cc69e9f
- SHA1
  
  296be384e05ec5b8c92e4253169422417ccfdf17
- SHA256
  
  25dccc7c576995c3ea5abdbca87e05f7344ae00c686f2ba47c011af7e97c430c
- SHA512
  
  4049f2895d720d569074d8e2c93de31d6aea9132a11b884b198c7b6a6d69ab9fcad73057a7ae125ba5eb6a07093cf9005def974b7415c46f1c1f53353aeaa619
- SSDEEP
  
  192:JXANeiOT8k2b633L6RRHcjY5XQqsrb0hSF7j7ZlqUpai/Tvrb0hSqZlqca7bju5O:JXANt+52VOrrIoTvraIcai5O
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  pcicl32.dll
- Size
  
  3.3MB
- MD5
  
  b0a5d0ab67fef12814b663eb6bd16fb8
- SHA1
  
  92e0a2cfb4618dd3f9a12b54c0024c0265b789c7
- SHA256
  
  cb44ad743e0b35d89efdc0ced14573d3bcfb320e8c63581967b1c323e24d30f0
- SHA512
  
  9edaf0fafe6f504e721d73ed95181029e952be4e7b4c475f007f3e81d8ff87625a767a54de4a3b0ac8c4ebbac78714d4dcee702b5d0ba94a2be5c74f6cc27d32
- SSDEEP
  
  49152:3WMA61yiaB6FnebgvDYUEuyiN1MpwYSNGrUqZ9AtXFshTIwiaMcMSENo:3KCyipe0/hyiN1MpjWWmtXXrSv
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  remcmdstub.exe
- Size
  
  71KB
- MD5
  
  c6b00dcc026bc1dbb7bace7859e18414
- SHA1
  
  bb83b12d3bb6c79d6b4c968de9b6e9f0ebf4beb7
- SHA256
  
  82a5b0a5f16eb2045e74726cea1af7eda7ce93125f1d2480afeb168587928f55
- SHA512
  
  5514496a21a07c6d03962df78a3a4ade54e6ffe8b2ebc646c016185251c95f0708bbf737377499acb7b31931e2bfb3b5aa94c34d269e267731bac85a8d2baf43
- SSDEEP
  
  1536:WfanvXuNOwphKuyUHTqYXHhrXH4xLIygAo4wbioQ+E5sw8LQ+8iAG:ganPSpAFUzt0xLIygDiYQDG
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  tcctl32.dll
- Size
  
  355KB
- MD5
  
  85db07eba81939098622ef88d572cd5b
- SHA1
  
  1af304730f1af2d4b99d20da11022bc8a1021a60
- SHA256
  
  47162edd0cf12cd37eacc44e4da35734b94f6e5a202be435c5c7a9e51eb0f3ec
- SHA512
  
  f02603e091f7fc0960cd228b845e5412934f41baaebec611f92718bf16d4f222c176734409f9bf2833ee6d8c26f3e8992eb01f9a5c53cdcbbde28eba2497cd64
- SSDEEP
  
  6144:FgL3Le4qjZqUAbuDgLNvCFWnS62AIf++H7uxxCuLe9AiD0kqfv6rr:6L3Le4qjQUAbuDUvcWnS6pIf++H7SxCh
Score

3^/10

discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

netsupportdiscoveryrat

behavioral4

netsupportdiscoveryrat

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18