Overview

overview

10

Static

static

1

870663b078...e0b.js

windows7-x64

10

870663b078...e0b.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

  • Size

    1.4MB

  • Sample

    250120-vm3gtazmcw

  • MD5

    36441c052f970f9c8788e52869c44e9d

  • SHA1

    e99ae52ba3e30d421d56ca44f4670110685d63ec

  • SHA256

    7f5134e8ec76c9272c6d9e7b2e45e27ef0cc61fb98a103b11ff47e841635e214

  • SHA512

    37f2b6c78aa2302d3059d85889d4a77c0432333901898418fef604f4ea698bceabc544c582fe057df0f147045d51a1f4166533c5727e26efab1a85560b300931

  • SSDEEP

    24576:HXYO1irGNwhZeE9RDfd8kqCrZPnaf6PbJ6K5lKUiBo/OqWIr4jNME9SAQJ91pmMW:oO16hZeE9RDKOrA2TUUi8OmkjNME9zQi

Score
10/10
netsupportdiscoveryexecutionpersistencerat

Malware Config

Targets

    • Target

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • Size

      3.8MB

    • MD5

      aef27e82cd86ed5003b277fb319beb27

    • SHA1

      52eecb59d4a8a5404f6dc347cd46fbd4ee964995

    • SHA256

      870663b0782a4b7a05e84d4dd8154711c41bb26299365bdc2373f470d81b5e0b

    • SHA512

      16a61f280f5cf3fd04d9e4f9d956fabbc2855f5d0b1c890e614baf5b4f6fd3441b41c8c7de5a768f443128e715eb933d6c09a2855e52cc405b9eb042baa46efb

    • SSDEEP

      49152:Nsz6FvpOiHY7sz6FvpOiHY1+we6AC9L7lARB3QJhut7C6:N0WQ0WZ

    Score
    10/10
    netsupportdiscoveryexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks