netsupport | b17737a19e78307ea11a7f3764b51365df6e73102a8716c3207a1306c41eb1c0 | Triage

Sharing

General

Target

b17737a19e78307ea11a7f3764b51365df6e73102a8716c3207a1306c41eb1c0
Size

165KB
Sample

250205-pzblzaykcq
MD5

23d1d2a5e9fec93a3368920b16407cfe
SHA1

3d40d6e30053434111e2c76ee8c3516686b0ae67
SHA256

b17737a19e78307ea11a7f3764b51365df6e73102a8716c3207a1306c41eb1c0
SHA512

ba06cf8045a3a317efe665a9fef3483781f0809ae5d3c1f29c168cb578ac33dfbedcd6339217fa755eb824a2857cc70e5cdfc0befa9fc79b5a8c56ef4bd1d2e3
SSDEEP

3072:a0858HUavEo+IR2X4uZX4HCCwr/Ybc4053b1GpNugzduUvNNosc/PzzRq87rtv1J:R8y0avT+IR2IW4H2b4053opNtxuSNg//

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  Платіжне доручення_496/Платіжне доручення_496.js
- Size
  
  442KB
- MD5
  
  ef74d082583d313298680a756f0d82d8
- SHA1
  
  0dbeb317d8b00cb74137ef69d5f99b71b01fc333
- SHA256
  
  327d738d22e9d8e0a40761521c507d3ca9d92128031ff82503b34c0a86f64f76
- SHA512
  
  65f7169362aa63ffe708301735878e1b1cb2c4ea12fbfec7408e659787388125b06d861554e7a0b7af339ed4d0ed018fd6c44eb55c4643da4b2c1c90dc6340f0
- SSDEEP
  
  12288:sWAmOGMiKvfXXr8D4/I+cvNN6Sf+GaLC1iXg5Xjd2qOWSlFq6c:uAMiKvfX79uiC1iXg5XXSlC
Score

10^/10

execution persistence netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

netsupportdiscoveryexecutionpersistencerat