netsupport | c1c9bd7b466ba9f682e9448e3c786da6e1b324331a7b9c811043ef045f360590 | Triage

Submit
Reports

Overview

overview

Static

static

1

Payment_257.js

windows7-x64

Payment_257.js

windows10-2004-x64

Sharing

General

Target

Payment_257.zip
Size

1.5MB
Sample

250120-r9v5gavkgy
MD5

a2f1f2e639e44914bc725fc63ea967fb
SHA1

663cc7f9bc49ee3c4484382b430c5845a94325dd
SHA256

c1c9bd7b466ba9f682e9448e3c786da6e1b324331a7b9c811043ef045f360590
SHA512

e0072eb6f74fc12ed47f270bdd1cb3872979cacee9fbfcaa331732e5a4d30642e5d89d260a7679efa45dfdf866e0b0cf5f4ae45fa07f87b8f04d360541529424
SSDEEP

24576:swwlr4BBEUxd1hIUdjVfgl9ARRbV10DUqDYxZgtFFSL7JVZvxynX9shph0AR4t3u:JwlrUX12UdRolwVV10Qj/dVZ54NsCD+

Score

10^/10

netsupport discovery execution persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

Payment_257.js

Resource

win7-20240903-en

netsupport discovery execution persistence rat

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment_257.js

Resource

win10v2004-20241007-en

netsupport discovery execution persistence rat

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Payment_257.js
- Size
  
  4.2MB
- MD5
  
  453a136d40114350fd14c719fd6f5e2c
- SHA1
  
  4a4c8a0e99fc8fd61320c281e5539a4644b710b5
- SHA256
  
  b5b1733f269437803c845cf7344f60657bb64456c06e5cf63c22ee55249844bd
- SHA512
  
  cd6273b6ba2968c69c071a395be22d70ae69863095b3ad139ccdb73173b69b0b7e1bc9da33d7b12d4d3416d4530dd7cb3abf35a018a51bc62fe9b00f8de93ab2
- SSDEEP
  
  49152:h9NJObOvh90Wg1rA536egzhhCkrn14teMrxsi+ESK7OthvVKV2Mf/UbTmAvcGTjD:h53S5b
Score

10^/10

netsupport discovery execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryexecutionpersistencerat

behavioral2

netsupportdiscoveryexecutionpersistencerat

© 2018-2025

Terms | Privacy