Overview

overview

10

Static

static

1

Payment_88.js

windows7-x64

10

Payment_88.js

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment_88.js

  • Size

    3.7MB

  • Sample

    250120-q5efgsskcy

  • MD5

    560867083d5099bd9546a1c42913b14c

  • SHA1

    c64f6d9efb60b3bdb702f13ed03296c3f503827b

  • SHA256

    e27840f9a453144763cd936b82e5441ebf9fd39b0332f6d1ad161147fc3511f6

  • SHA512

    69c26179622539e342a19d44d009037e50997af7af8bff1e85103b8d0a96982a3bbe078cae9966ed8a8edf972a03d7a8c777e9754f2a31476dae1350160893f9

  • SSDEEP

    49152:Nsz6FvpOiHY7sz6FvpOiHYnsA/4dFcXvdwdIuiu:N0WQ0WZ

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      Payment_88.js

    • Size

      3.7MB

    • MD5

      560867083d5099bd9546a1c42913b14c

    • SHA1

      c64f6d9efb60b3bdb702f13ed03296c3f503827b

    • SHA256

      e27840f9a453144763cd936b82e5441ebf9fd39b0332f6d1ad161147fc3511f6

    • SHA512

      69c26179622539e342a19d44d009037e50997af7af8bff1e85103b8d0a96982a3bbe078cae9966ed8a8edf972a03d7a8c777e9754f2a31476dae1350160893f9

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHYnsA/4dFcXvdwdIuiu:N0WQ0WZ

    Score
    10/10
    netsupportdiscoveryexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks