netsupport | e66ae0ac443b5140a1b35b5aaa6899eea296d9d633988eb044a395a34a887431 | Triage

Submit
Reports

Overview

overview

Static

static

3

33.zip

windows11-21h2-x64

Sharing

General

Target

33.zip
Size

2.0MB
Sample

250209-a288pa1mbq
MD5

6186f34c1711a00dc417e47ceb97fb7f
SHA1

39cd8e0ec8ce8c4505289323d832af733098351d
SHA256

e66ae0ac443b5140a1b35b5aaa6899eea296d9d633988eb044a395a34a887431
SHA512

4b2c9405cd53dc6d9a8b04339472c640855d8a5874aeee7d96a8f6310c561cba318741717458bbca246f3a4009ea52f9c088c66f4c0545ad06d024a5b6f4be07
SSDEEP

49152:Eds5IUlEDThXBJOhHbLfD52MHy1316AXSkAPoa2oQvWei9FM3:EZ5FXaNDbyv6sLu2opeN3

Score

10^/10

netsupport adware discovery persistence privilege_escalation rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

33.zip

Resource

win11-20250207-en

netsupport adware discovery persistence privilege_escalation rat stealer

windows11-21h2-x64

28 signatures

600 seconds

Malware Config

Targets

- Target
  
  33.zip
- Size
  
  2.0MB
- MD5
  
  6186f34c1711a00dc417e47ceb97fb7f
- SHA1
  
  39cd8e0ec8ce8c4505289323d832af733098351d
- SHA256
  
  e66ae0ac443b5140a1b35b5aaa6899eea296d9d633988eb044a395a34a887431
- SHA512
  
  4b2c9405cd53dc6d9a8b04339472c640855d8a5874aeee7d96a8f6310c561cba318741717458bbca246f3a4009ea52f9c088c66f4c0545ad06d024a5b6f4be07
- SSDEEP
  
  49152:Eds5IUlEDThXBJOhHbLfD52MHy1316AXSkAPoa2oQvWei9FM3:EZ5FXaNDbyv6sLu2opeN3
Score

10^/10

netsupport adware discovery persistence privilege_escalation rat stealer
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportadwarediscoverypersistenceprivilege_escalationratstealer

© 2018-2025

Terms | Privacy