General

  • Target

    870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

  • Size

    1.4MB

  • Sample

    250120-ttpnvsyjby

  • MD5

    477fd3dd1b2f7c702252f2882002e16a

  • SHA1

    516abc0c0fbb38e7b6c972a9691f8e3941e68132

  • SHA256

    b28f9389eb5c15cff9425b8825ee17ffc99b9c0263aedd7830868cf6047b5a04

  • SHA512

    3186077320d7ef7bea2c8ee3b21805263e7521dc997e9a57151b3cc8291b8e97952411daa9cb39cbe60a9355849abe40f256e0d8a7aeccbee5a1c5a96e1d69a3

  • SSDEEP

    24576:UXYO1irGNwhZeE9RDfd8kqCrZPnaf6PbJ6K5lKUiBo/OqWIr4jNME9SAQJ91pmMJ:9O16hZeE9RDKOrA2TUUi8OmkjNME9zQ9

Malware Config

Targets

    • Target

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • Size

      3.8MB

    • MD5

      aef27e82cd86ed5003b277fb319beb27

    • SHA1

      52eecb59d4a8a5404f6dc347cd46fbd4ee964995

    • SHA256

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • SHA512

      16a61f280f5cf3fd04d9e4f9d956fabbc2855f5d0b1c890e614baf5b4f6fd3441b41c8c7de5a768f443128e715eb933d6c09a2855e52cc405b9eb042baa46efb

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHY1+we6AC9L7lARB3QJhut7C6:N0WQ0WZ

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks