Overview

overview

10

Static

static

1

870663b078...e0b.js

windows7-x64

10

870663b078...e0b.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

  • Size

    1.4MB

  • Sample

    250120-tv6nrsyjek

  • MD5

    3f6ef649374ee59bd47dc47a22639740

  • SHA1

    5139674762667c6781e68abae44ea9dd8c3a8afd

  • SHA256

    6f9b50c7c769d3ff76fe777ab1e5a9e6521f9189e92fefdd1aeb1af840268e48

  • SHA512

    c863c5f7e3ee673df009d2ce7802c73544eff3a8fef2c8c10b4c46aa0a5bee907d7fd510eb1273409518c8a3ff2833f5031fcd9fadefb98c0741d61059012c98

  • SSDEEP

    24576:ZXYO1irGNwhZeE9RDfd8kqCrZPnaf6PbJ6K5lKUiBo/OqWIr4jNME9SAQJ91pmM0:WO16hZeE9RDKOrA2TUUi8OmkjNME9zQ4

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • Size

      3.8MB

    • MD5

      aef27e82cd86ed5003b277fb319beb27

    • SHA1

      52eecb59d4a8a5404f6dc347cd46fbd4ee964995

    • SHA256

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • SHA512

      16a61f280f5cf3fd04d9e4f9d956fabbc2855f5d0b1c890e614baf5b4f6fd3441b41c8c7de5a768f443128e715eb933d6c09a2855e52cc405b9eb042baa46efb

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHY1+we6AC9L7lARB3QJhut7C6:N0WQ0WZ

    Score
    10/10
    netsupportdiscoveryexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks