Overview

overview

10

Static

static

1

run.ps1

windows7-x64

3

run.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    run.ps1

  • Size

    455B

  • Sample

    250106-1d8v5azrhr

  • MD5

    34461789a1f174ecf1cbfafb6c862d49

  • SHA1

    c3f90e8a3abc878e94e8a563217adc2e038073b3

  • SHA256

    2448a60f70fb81ce1edf022d764a48c58c74acefd992cee9e70ec5c6c5b51896

  • SHA512

    40fa678a2889efe5bcc216c8557bd1d0160f189737995cc9b29f491536b3d83c3a371ebf2bdb81df52121f0747cf46a5b324f0ffcd9b50b8338679f1f3e40370

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://stocktemplates.net/all/zall/faa.zip
exe.dropper

https://stocktemplates.net/all/fall/

Targets

    • Target

      run.ps1

    • Size

      455B

    • MD5

      34461789a1f174ecf1cbfafb6c862d49

    • SHA1

      c3f90e8a3abc878e94e8a563217adc2e038073b3

    • SHA256

      2448a60f70fb81ce1edf022d764a48c58c74acefd992cee9e70ec5c6c5b51896

    • SHA512

      40fa678a2889efe5bcc216c8557bd1d0160f189737995cc9b29f491536b3d83c3a371ebf2bdb81df52121f0747cf46a5b324f0ffcd9b50b8338679f1f3e40370

    Score
    10/10
    executionnetsupportdiscoverypersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks