Overview

overview

10

Static

static

1

870663b078...e0b.js

windows7-x64

10

870663b078...e0b.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

  • Size

    1.4MB

  • Sample

    250120-t13t3aylfq

  • MD5

    f41f86193d28f11aaf3d1c741cc69acd

  • SHA1

    f6b1ec365a0dbd966ef8c34f8451375933fe8b9b

  • SHA256

    939b5527f7fceec9ac347aa0112fc9326fb733f13884cc60c2c1a244c3ad22ec

  • SHA512

    a98dd7cde637a2ba315a0891ab943235f9597d9afc1486f4e99f1815ce9a1cbfa59843c8e38cfeb003a30ed6dbc49c752681a8dce84f7f8f1201f121c7c7de78

  • SSDEEP

    24576:TXYO1irGNwhZeE9RDfd8kqCrZPnaf6PbJ6K5lKUiBo/OqWIr4jNME9SAQJ91pmMq:kO16hZeE9RDKOrA2TUUi8OmkjNME9zQG

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • Size

      3.8MB

    • MD5

      aef27e82cd86ed5003b277fb319beb27

    • SHA1

      52eecb59d4a8a5404f6dc347cd46fbd4ee964995

    • SHA256

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • SHA512

      16a61f280f5cf3fd04d9e4f9d956fabbc2855f5d0b1c890e614baf5b4f6fd3441b41c8c7de5a768f443128e715eb933d6c09a2855e52cc405b9eb042baa46efb

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHY1+we6AC9L7lARB3QJhut7C6:N0WQ0WZ

    Score
    10/10
    netsupportdiscoveryexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks