netsupport | e26c4397807fe46ca288f3126ef38d2c3c5c210b13a77a12b97ac57c6d042082 | Triage

Sharing

General

Target

ErsYmaxz.zip
Size

2.2MB
Sample

250206-k83plazqct
MD5

8fd4dca41fda77ae4ba4589d38890cd4
SHA1

d5cf964dc193fb774463acbb0a188dc2ec7253c9
SHA256

e26c4397807fe46ca288f3126ef38d2c3c5c210b13a77a12b97ac57c6d042082
SHA512

6f660ad2f7e5e10a20b78a4bb50e758eff45e39bc88407f564733f9ddee84832e0e2bec0e41956e75c16a636dae11c50b798dffbf0a8d338cf634daa667174c5
SSDEEP

49152:ILsPeR8M75q5Kqr2YyNgvOPdrto0p2q5dXAnh2cyauKC4GFvU3x:ILsPeRf5+5yNnVp5xGmauKnYvUh

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  AudioCapture.dll
- Size
  
  91KB
- MD5
  
  4182f37b9ba1fa315268c669b5335dde
- SHA1
  
  2c13da0c10638a5200fed99dcdcf0dc77a599073
- SHA256
  
  a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8
- SHA512
  
  4f22ad5679a844f6ed248bf2594af94cf2ed1e5c6c5441f0fb4de766648c17d1641a6ce7c816751f0520a3ae336479c15f3f8b6ebe64a76c38bc28a02ff0f5dc
- SSDEEP
  
  1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  2d3b207c8a48148296156e5725426c7f
- SHA1
  
  ad464eb7cf5c19c8a443ab5b590440b32dbc618f
- SHA256
  
  edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
- SHA512
  
  55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c
- SSDEEP
  
  6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  a0b9388c5f18e27266a31f8c5765b263
- SHA1
  
  906f7e94f841d464d4da144f7c858fa2160e36db
- SHA256
  
  313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
- SHA512
  
  6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd
- SSDEEP
  
  192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  PCICL32.DLL
- Size
  
  3.3MB
- MD5
  
  916c03d8fc0c1fd211c254737dff1055
- SHA1
  
  948ee4fbae7ce9dc7a37ccaca75341876bbf5d70
- SHA256
  
  250e8bbec081ae5e65b669da92652af6d4266db816c8705fbc9be84707914d99
- SHA512
  
  ad18049763a0c289f80c0efa21fbe2a44d0d3f4b5f3686ed9be7562e5c9c68f932a8047377e3a5a8a2a6f09046bb12eadf8b6d3b99dfaa81650fa633ccee1050
- SSDEEP
  
  49152:IPcnfKOu6iigooamJwfLlH41GarwYoxeOfR90J0TpHaJclST2503:IPcniOu6CvJwfLVzpxeO59/Sv
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  TCCTL32.DLL
- Size
  
  448KB
- MD5
  
  69f72ad2dad99ff0fbc7f2c671523014
- SHA1
  
  8aaab0955014b89ca794a51dd527d3afe6f38a94
- SHA256
  
  23f17cc168cc82b8ae16f3fc041d4465e1b12e66dcac1713f582f99303a740dd
- SHA512
  
  ea18d92790f52405027666b7501cf908426b9b57fec4157a45d86387d50324e414644245269dc1a0567b27c6c4b7c4b323d692bf449add4797dfcd7101531349
- SSDEEP
  
  12288:suqhtvbez3wj9AP8Ah0DAmlse99fow3/qkxf5iJg0nTUtnTvm:s3htk/eHoJktEKITUFTvm
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  client32.exe
- Size
  
  117KB
- MD5
  
  a2b46c59f6e7e395d479b09464ecdba0
- SHA1
  
  92c132307dd21189b6d7912ddd934b50e50d1ec1
- SHA256
  
  89f0c8f170fe9ea28b1056517160e92e2d7d4e8aa81f4ed696932230413a6ce1
- SHA512
  
  4f4479ddcd9d0986aec3d789f9e14f9285e8d9d63a5b8f73c9e3203d3a53cd575b1e15edf0d5f640816bb7f25bd3501244e0f7c181a716a6804742ed2f1cf916
- SSDEEP
  
  768:rNd8VZl6FhWr80/aVr2pe/1G42KFKcMkjWBr2pe/zcKFKcMkA:rfO0hGSBee/1GVIrveee/IIrU
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral11 behavioral12
- Target
  
  dxva2_.dll
- Size
  
  130KB
- MD5
  
  7ce99f5905d6f3b7e768f23915aea986
- SHA1
  
  4198596073ad198254bc88a46998cb2b7a774632
- SHA256
  
  5f61f0d9fbf7ec6b137b995cc9d1901d4c4c333877c619c5e6f56bac967cbb6e
- SHA512
  
  9a7f116915db38379a30d7e011c1b986af52a44ae1ea0e2eeed719a96baa56b38b78d7659d910d5421f0e5e16ed53a88b6d48f55b4110f0b6d3d3d41397462fb
- SSDEEP
  
  3072:IwHSKxsCu/fk3DQ/3Q09unPT8rsWyjv9:Lpxs7fkDkQ09suS
Score

1^/10
behavioral13
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  pcicapi.dll
- Size
  
  32KB
- MD5
  
  dcde2248d19c778a41aa165866dd52d0
- SHA1
  
  7ec84be84fe23f0b0093b647538737e1f19ebb03
- SHA256
  
  9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
- SHA512
  
  c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166
- SSDEEP
  
  768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  remcmdstub.exe
- Size
  
  58KB
- MD5
  
  ba2a1815e16b357eeff23b8394457aa5
- SHA1
  
  2492e2393cdaed5678ea0a573c50d06ec5f191f4
- SHA256
  
  e14c3224215ea91587e96b995861e8966166dfc08ab4d409bd729770815b3b81
- SHA512
  
  d505a1a17c44a96e74f94238b3623d7e6064b8c94007f2d94d6626eeee3ba75db92e569bc864c90096eabf61a0cd68ae690461b43b6e429b4deda1b44e18ba41
- SSDEEP
  
  1536:Wf6nvXuNcAjJMBUHYBlXU1wT2JFqyuAQYPT:g6nPcjJ4U4I1jFqyuHuT
Score

3^/10

discovery
behavioral18 behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

netsupportdiscoveryrat

behavioral12

netsupportdiscoveryrat

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19