General

  • Target

    8c212afb791c86eb2f4b90cd486ce5654c15c4b33b3ad59dac98196c7e452867.exe

  • Size

    9.0MB

  • Sample

    241222-sywsasslcs

  • MD5

    0fb931e52d007389417c451fc26f4115

  • SHA1

    05926430738eac103b1bc0170ad636aca18241c1

  • SHA256

    8c212afb791c86eb2f4b90cd486ce5654c15c4b33b3ad59dac98196c7e452867

  • SHA512

    152296c83aa0923dd8ada3a531730fb88fc55360b76c81e558bddc7eab48b5a97ab4a23fe073718acaca83301c30cf046bf4d52c3abe7d89c1b1b0ef8466f4b4

  • SSDEEP

    196608:r7L9VGYA1HeT39IigwTauDXURuA7SEXqj4r+jIR:fJo1+TtIiF2uARuA28qj4r62

Targets

    • Target

      8c212afb791c86eb2f4b90cd486ce5654c15c4b33b3ad59dac98196c7e452867.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
