netsupport | 8c017da57d9d00384bdb35e2e36226cf2cd1cfe1e6c175410e70610e7640571c | Triage

Submit
Reports

Overview

overview

Static

static

1

MagicVisio...64.exe

windows10-ltsc 2021-x64

Sharing

General

Target

MagicVision_1.4.8_x64.exe
Size

74.6MB
Sample

241216-rxb6tsspex
MD5

a6504e6ce8606ee9426d96dd249b9fe3
SHA1

e8bee105b1ab12adad6562bbb0d33cc30a80b33e
SHA256

8c017da57d9d00384bdb35e2e36226cf2cd1cfe1e6c175410e70610e7640571c
SHA512

078a098c1eb0ed980c008e729a6bc4e2bfba487abd8339cfa5ddc20a8a16bbbda67bbd9df3e4fb0d4b7672937fa67ebf59be5013ae87c0b8701916da1cbe0f63
SSDEEP

1572864:7jMt3HVI69APOViCz1yik0t3NV6tKAmwlGfLxLPE9u:3MZ1IKAWca0/0tXeKAdYLxTE9u

Score

10^/10

netsupport discovery execution persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

MagicVision_1.4.8_x64.exe

Resource

win10ltsc2021-20241211-en

netsupport discovery execution persistence rat

windows10-ltsc 2021-x64

23 signatures

1800 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://eadlr.com/sdz/sdall.zip

exe.dropper

https://eadlr.com/sdf/

Targets

- Target
  
  MagicVision_1.4.8_x64.exe
- Size
  
  74.6MB
- MD5
  
  a6504e6ce8606ee9426d96dd249b9fe3
- SHA1
  
  e8bee105b1ab12adad6562bbb0d33cc30a80b33e
- SHA256
  
  8c017da57d9d00384bdb35e2e36226cf2cd1cfe1e6c175410e70610e7640571c
- SHA512
  
  078a098c1eb0ed980c008e729a6bc4e2bfba487abd8339cfa5ddc20a8a16bbbda67bbd9df3e4fb0d4b7672937fa67ebf59be5013ae87c0b8701916da1cbe0f63
- SSDEEP
  
  1572864:7jMt3HVI69APOViCz1yik0t3NV6tKAmwlGfLxLPE9u:3MZ1IKAWca0/0tXeKAdYLxTE9u
Score

10^/10

netsupport discovery execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryexecutionpersistencerat

© 2018-2024

Terms | Privacy