General

  • Target: fa84aaca643d68422484d8c78e900d06102d0fbff57598755e97705bfe419c24.zip
  • Size: 5.9MB
  • Sample: 250128-q7g96azrgz
  • MD5: f231fe5903c691d8f81fdf89b6421482
  • SHA1: 3a2973336ded3eb4597562902d01876e3625864a
  • SHA256: ad8d6798369029e6adbf0e2c044a66f09b3ddd055ddd147864adb1a255b57f79
  • SHA512: 38c7a283d45dab8a22dc660ed3b21ed6855810eebe5303b918b62d2a20591965e40b743badf81daabe57cadb94506bbd4f98d194ac0564c4071c48b493d0ae92
  • SSDEEP: 98304:kLLnpRGhP34CRaXoABzVtIChfoXaMFwtxpdOiXlglkyBpEQK0nl2GxcFAM9HZLy3:knnzpCRaXhxVToXzGQpjBpxlTcSeZyio

Targets

    • Target: fa84aaca643d68422484d8c78e900d06102d0fbff57598755e97705bfe419c24.exe
    • Size: 5.9MB
    • MD5: 90266d58cb8c03bf6f3171e60b383ee5
    • SHA1: 2bd1981838b9f80196a1576e398f89bf964ea24f
    • SHA256: fa84aaca643d68422484d8c78e900d06102d0fbff57598755e97705bfe419c24
    • SHA512: 8899898628a6eac463d34f9f19bd7c577e16d4d4cf79697ca7033a820392b353a1e6e38c96b645e8afaa4b953dc55b5909493646205b4ebf4192b5db8ac65673
    • SSDEEP: 98304:AjHUJxDQbcImqaNCO8MX71guf/x2NSaGn6AGpq5TL+B3KogDaVTB0SiP0wzH:AI+mqvO8kDxuSZ6AGp++1sIy04
    • NetSupport: NetSupport is a remote access tool sold as legitimate system administration software.
    • Netsupport family
    • Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

    • Target: $PLUGINSDIR/siblog.dll
    • Size: 146KB
    • MD5: 2fab606d750aad11fbf8e0a9060172db
    • SHA1: b2e40332e179f921a73c64ea09a54c0f2bf75959
    • SHA256: d3289b09fc9c37a80f0215b5c8c7990b9d3353e0c27cc4689e806d6026b6dda7
    • SHA512: 1670ddfb2233c346a8cd5ee88700697c17123923da964e115c6ade238f77b421f51bf6459bf46bb3966f1de8fdeeeda774d7100b5c5dac46e53e738e8691ab1f
    • SSDEEP: 3072:jK2xllPc8r1tFA7mJKDZ9KofLSMqtugBC7TlNK/574C:FxlyU3C6e97LnzO574C
    Score: 3/10

    • Target: 0/Setup.exe
    • Size: 5.1MB
    • MD5: 596636d5258ffeae01bd19f87d96808b
    • SHA1: 4f2883153d197f18ec21a78f4df0544cb326a99c
    • SHA256: 873d448590ed30d1ba80ca54c84714cddec27ad6a1e4f84fcd7b091d3acf9a56
    • SHA512: 0cb8ceb79b0a1f43c02458517b6e6b46a1121a714feef2e72934e9065447f0eefb4661d474d56776a0c92e52c851a682ba17a3e80901f6d4633deb32e16a3ea7
    • SSDEEP: 98304:cqwsVKHOycs8IZPEQF9iBCLrejdrgphScSH+txR:cHr8SiALroyIw3
    Score: 3/10

    • Target: 039F3.tmp
    • Size: 4KB
    • MD5: de92f3c2273b3803e23216387c87b769
    • SHA1: 23395fbc13ad680e1b4a5a01aaa8e4b07329fc04
    • SHA256: 39858473da9bedf8b5c0ffe9cd4763de4879e877e783fd038af3d93338fa9951
    • SHA512: 8ecac578fd704a8be968cfe5c8733b32e3c4b8a4443499c5071a262e8e5026582729cea772f21cc0c3aa7a49ed4cb7e456d39f09a750c6d65a86b31e1dfd1fbb
    • SSDEEP: 48:6+9mUnRRQXGrx5KcCp17Zeder2jeC2FHGHWBXo7qOPuln0MqI:XYmxZCpydk2oFmoV0M
    Score: 1/10

    • Target: 039F4.tmp
    • Size: 6KB
    • MD5: e18bb555ad612faca72cd518afc42931
    • SHA1: 5d33476e909fced814500c95e67e729bed003fb8
    • SHA256: 36f86d18c21b93868bf43b3b7d20439d8cf9914c1b557e42f22addd84b4a6f72
    • SHA512: fe976afe2357d1670d6728c695c88c24c3a575bd5d5de25ebed6a552294b52ff05301a909997a1b987ca74debcea539adc405c9c2f3b0c54254ba7b46a03fc9b
    • SSDEEP: 96:XDNVHkleDxbIs7MHLkRSG+k857xrSG+Ut9MvHr/m7PSG+sORdRNRCINXh7q7:XLHkleBykUGbMmGL8PG3ORdRNRPNX
    Score: 3/10

    • Target: 1/333.exe
    • Size: 323KB
    • MD5: f76410e6255ed89c286c35b7b7c5269a
    • SHA1: 8a22735312d9a4692350464b107ed5872bf2527e
    • SHA256: 0b8c0c908da39e77e0ef2f4b3b0eb96f3709d052252e0eae619790c61fc42b81
    • SHA512: 51792ac3843450672ede7a44e1dab0509b26e1ab4d2fa93d08c0d25644920bc5afbeb35372cf55a99fa624f61c5e1188ee9d3bff58808c9b3d7c8f61c95435d7
    • SSDEEP: 3072:mnWSR+jounK7NAKDjiBmKbOUEuQvS/bcwWE2wup3vMRU6RLvHEd9VhMCyqKbv83w:NTouKrWBEu3/Z2lpGDHU3ykJvPJfbC//
    Score: 3/10

    • Target: 2/babka.cmd
    • Size: 277B
    • MD5: 7b3f261fb057fce0cb6233bd5258f829
    • SHA1: d8b9075eaea96e7c5444cd3a209c78bd8bcd4e38
    • SHA256: 70fc159c1040f7da1beaba2ca98004babbd2ae7e2957d7c0c2aa67ebc43a1457
    • SHA512: 06401741072a5f0e41ea37523925b04af9fb2710f559b21eaba3a449a929d86028dfa6750d67744940bdcfb838e20fcb7210239a67d9f8c6ad09f4d0ed73d2be
    Score: 6/10

    • Target: Ionic.Zip.dll
    • Size: 420KB
    • MD5: cb27185f1f9b8cd76093300a83856e5c
    • SHA1: 28fe6f101e0415a8dc6c2c52cc6414da61ec4d02
    • SHA256: 35d73ec1b3bcdd743c951502aa5ac6bb756e6087311bfc9648587d6c94ca746f
    • SHA512: 61f94374643f526a14d243dc2deaf33b3998d94a0407e2af2c7354e9ff73ec2297087f9faa61b593ee0228fab3bd11f6b4acb67dfce3d70b20b9de0a6e54e44f
    • SSDEEP: 6144:fxelW5xGKxjuBGtSV41QJDsTDDHJFiZiWs3inQPQl:MlW5sIq4S4YsfBWWXol
    Score: 1/10

    • Target: SibClr.dll
    • Size: 66KB
    • MD5: 640f3d42e52e3d361569c3fb6bb4441d
    • SHA1: 2c7acdc20d3788b58bf139f304ed38ceaa98af31
    • SHA256: ffc17acf3f3c8e73b944e279fee7ecaf6fac46ec4c305aedc1c51122db256e37
    • SHA512: 5429b2ede62400166950e6385b44612960338ccb7162b82fe7e62cb6e48b9e07be22eea6a8c798defb5320a34a8e26d85e71886754e8e8a71d0a0ffc30ba1158
    • SSDEEP: 1536:wd5nlP2FOyeZV0EFe6IsbF/1b9XwT9UwfQroJQr6nK:wLnlP2FOyeZV0EFe6Isbdl9XuUwfQrCU
    Score: 3/10

    • Target: Sibjs.exe
    • Size: 2.1MB
    • MD5: cb98aab3f8a161d55d04086ffcafbbbd
    • SHA1: 14c4c97c22d6c3456da33c59ed1dc9d8f86fdc73
    • SHA256: 94a297719f304bb12f650d693984db73c7a72685f28cdeeca2fa34a407808231
    • SHA512: fd79696e98c8e3f9a422fa879c28b3305f007b8ea5efd80b5524704b8bea8183c0ba11d4336d5a4aed1c97b17a668b488808fb0a0f7614f001a32c48e3d8083b
    • SSDEEP: 49152:M3/gkI5J3aQ8EeZrQYcPRTX8PI6ct/6G3IDfe57b968bhs3Z8+uBpT:M3/gkIf7uVpcP5X8gpR6G3IDfI68bh+C
    Score: 3/10

    • Target: Sibuia.exe
    • Size: 2.2MB
    • MD5: a27781beec02a26de306aae4f1a07eca
    • SHA1: 56cfe4516031a3cbb6e9ea93d910447914f22e01
    • SHA256: 845bb388322c35078cfc9d47d4d1752b62f796f4defa79215004547a040d0704
    • SHA512: dfc25773b867805c5ffaabde22be435512cf9597237aacb4627f6b66c69f68180f78877983b5099dba7b3792a0a0836ad0991004af1a9271b3827d53aca03236
    • SSDEEP: 49152:0WCNFxq0fxayB2TONHJcjhs5cj8h6oTsAsmi9iFBShiYFW+p5eOQ:WNFxppbBoOVGjhsQ8h6oTsA9i9mBShi9
    Score: 3/10

    • Target: Zip.dll
    • Size: 27KB
    • MD5: 370ee18a17759b6bfbed5cd61c9cb790
    • SHA1: 9c771cb24e1be76c2b2ca8eebbd9b3cf35f2b225
    • SHA256: fc66cd9add2a83dd2fb12cd908e8f70d54530d4dbf011e948c8adeaaa1dc975b
    • SHA512: 1ec5d3d3dbda311fca1dfa67e663ad01eeb2b6c0f53f17a48dbb8bdb20bdd5f102dcf959d8bda0d83ddcc97eb50858d31fa4945cd8e1a0da8ba96cc65177e5c0
    • SSDEEP: 384:bNkcKOXXU2KpwKNs1IdrMkSJIVE8E9VF0NyTGInpwKNs1IdrNJjSJIVE8E9VF0Nq:bNuik2/SdrW2EVcSdrn62EWg
    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

    Task            Tags                                       Score
    static1         -                                          3/10
    behavioral1     netsupport, discovery, persistence, rat    10/10
    behavioral2     netsupport, discovery, persistence, rat    10/10
    behavioral3     discovery                                  3/10
    behavioral4     discovery                                  3/10
    behavioral5     discovery                                  3/10
    behavioral6     discovery                                  3/10
    behavioral7     -                                          1/10
    behavioral8     -                                          1/10
    behavioral9     execution                                  3/10
    behavioral10    execution                                  3/10
    behavioral11    discovery                                  3/10
    behavioral12    discovery                                  3/10
    behavioral13    persistence                                6/10
    behavioral14    persistence                                6/10
    behavioral15    -                                          1/10
    behavioral16    -                                          1/10
    behavioral17    discovery                                  3/10
    behavioral18    discovery                                  3/10
    behavioral19    discovery                                  3/10
    behavioral20    discovery                                  3/10
    behavioral21    discovery                                  3/10
    behavioral22    discovery                                  3/10
    behavioral23    -                                          1/10
    behavioral24    -                                          1/10