General

  • Target

    ece96593baa146d5d43320b54cc99efe707423033dd3a54707f62da30b8411ec

  • Size

    1.3MB

  • Sample

    250120-trkbcsxrbj

  • MD5

    54b1a44ca1879aa99bcf5b53e89bfbdf

  • SHA1

    23fec331e8776274e23e5500d1fc9a715686ad01

  • SHA256

    39c93ed4de66b2b9d07bbf842f10ce899480fffd80e7b41ff40e270b493449a1

  • SHA512

    71073cf4da38bcf81c7299b6f6a14f6015b38a1438f7ac6af358487b48dfe0499be2b2720d0a0434f25df64e4f793010d99a70781475e87ec5e3a27f769d182c

  • SSDEEP

    24576:qXYO1ONGdWcbuUhMr7hY33BiZumMiuRzoVt5Tq387D4P20QsAoE:XO1ON7gPD33k5M7RcVtxq38vbsDE

Malware Config

Targets

    • Target

      ece96593baa146d5d43320b54cc99efe707423033dd3a54707f62da30b8411ec

    • Size

      4.0MB

    • MD5

      5b105052491111a765f56d4089b579c0

    • SHA1

      f3a9091241bec8746c0013ed57c00a1706c14bb1

    • SHA256

      ece96593baa146d5d43320b54cc99efe707423033dd3a54707f62da30b8411ec

    • SHA512

      0db07ad592f4a36c76a1c00f9f100a3417940de0521c63b5c076dcb993423af6013c6b5bcef8c90851e60da8d33c9959ce802b3282102a88166bac57744fab0d

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHYVmgm4ndniS60S6Gy492BRoRqfZYQEgXG9ad3:N0WQ0Wg

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • NetSupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks