General
-
Target
o.png
-
Size
1KB
-
Sample
241223-yzb26szmhj
-
MD5
1d4910734b9ae1dcf2c89ae371e9e0d6
-
SHA1
0160ef94510837f89f844cfbd1a79af20585c4c8
-
SHA256
57776354898d850cb8a439eac8515cb917a11a0ab4b0e846a4ed2dc64b8bfd7d
-
SHA512
e1a089eb482403f598543e90840f213fb7fdc1de0231e98aeef1bdc75e2e5ee6cf0c61fea6dae14ba57aa523241c4d11e3d0522a684f9135e4c3107951f77148
Static task
static1
Behavioral task
behavioral1
Sample
o.ps1
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
o.ps1
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://incomputersolutions.com/o/1.png
http://incomputersolutions.com/o/2.png
http://incomputersolutions.com/o/3.png
http://incomputersolutions.com/o/4.png
http://incomputersolutions.com/o/5.png
http://incomputersolutions.com/o/6.png
http://incomputersolutions.com/o/7.png
http://incomputersolutions.com/o/8.png
http://incomputersolutions.com/o/9.png
http://incomputersolutions.com/o/10.png
http://incomputersolutions.com/o/11.png
http://incomputersolutions.com/o/12.png
Targets
-
-
Target
o.png
-
Size
1KB
-
MD5
1d4910734b9ae1dcf2c89ae371e9e0d6
-
SHA1
0160ef94510837f89f844cfbd1a79af20585c4c8
-
SHA256
57776354898d850cb8a439eac8515cb917a11a0ab4b0e846a4ed2dc64b8bfd7d
-
SHA512
e1a089eb482403f598543e90840f213fb7fdc1de0231e98aeef1bdc75e2e5ee6cf0c61fea6dae14ba57aa523241c4d11e3d0522a684f9135e4c3107951f77148
-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Netsupport family
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1