Overview

overview

10

Static

static

1

870663b078...e0b.js

windows7-x64

10

870663b078...e0b.js

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

  • Size

    1.4MB

  • Sample

    250120-vf9mjszkaz

  • MD5

    da3d896ccfc445f7f77455994fd1f389

  • SHA1

    45b60497c1f0e01cf6ab89b1ddbe83c9604cb60b

  • SHA256

    149a62a2b6d3ced996ec220e2a653c3e7a65753a2d846f1ecf0c6214af63cead

  • SHA512

    3b2cffed69065cf35828255de0b42318272a41a314c032a5e39698f74fcec58da94cac9941b08efa0e9a28c62fe39bf079d5196a3a78d9b1c0bcf5b85b448373

  • SSDEEP

    24576:DXYO1irGNwhZeE9RDfd8kqCrZPnaf6PbJ6K5lKUiBo/OqWIr4jNME9SAQJ91pmMG:UO16hZeE9RDKOrA2TUUi8OmkjNME9zQy

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • Size

      3.8MB

    • MD5

      aef27e82cd86ed5003b277fb319beb27

    • SHA1

      52eecb59d4a8a5404f6dc347cd46fbd4ee964995

    • SHA256

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • SHA512

      16a61f280f5cf3fd04d9e4f9d956fabbc2855f5d0b1c890e614baf5b4f6fd3441b41c8c7de5a768f443128e715eb933d6c09a2855e52cc405b9eb042baa46efb

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHY1+we6AC9L7lARB3QJhut7C6:N0WQ0WZ

    Score
    10/10
    netsupportdiscoveryexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks