General

  • Target

    d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exe

  • Size

    2.0MB

  • Sample

    241224-t38hbsslbn

  • MD5

    47cfce938a71540a2039aebd5abe0783

  • SHA1

    641d20b31f5b2aba11746d1e533cbe4d4ee9c6ed

  • SHA256

    d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d582b6d0b6f188306954

  • SHA512

    338c95a30ccfbfe81b9a12d6ce01a68fdc3ace65da5fff17ccd06dbb4aa135cdf5ce3947107fd2ea46d32406bf6b30c908b6af673268b7c2ca554a7b67ddd4a1

  • SSDEEP

    49152:VIf96RO0EkHbG+xw6NbHHBp7k5hhelN6YawnqLKwgVRl:VIFP6wYt5ShAiYawbwW

Targets

    • Target

      d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exe

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
