General

  • Target

    a2f1f2e639e44914bc725fc63ea967fb.js

  • Size

    4.2MB

  • Sample

    250120-q8n44aslhy

  • MD5

    453a136d40114350fd14c719fd6f5e2c

  • SHA1

    4a4c8a0e99fc8fd61320c281e5539a4644b710b5

  • SHA256

    b5b1733f269437803c845cf7344f60657bb64456c06e5cf63c22ee55249844bd

  • SHA512

    cd6273b6ba2968c69c071a395be22d70ae69863095b3ad139ccdb73173b69b0b7e1bc9da33d7b12d4d3416d4530dd7cb3abf35a018a51bc62fe9b00f8de93ab2

  • SSDEEP

    49152:h9NJObOvh90Wg1rA536egzhhCkrn14teMrxsi+ESK7OthvVKV2Mf/UbTmAvcGTjD:h53S5b

Targets

    • Target

      a2f1f2e639e44914bc725fc63ea967fb.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
