netsupport | eede75177714132c06ed779a198681c87df0324d777c44e419dc4cf14748596d | Triage

Sharing

General

Target

scan_doc_000_282.js
Size

395KB
Sample

250212-mhhmvaxnet
MD5

9578235c402699cf68e0678083a5c6f8
SHA1

25fd2fe1dcbe2463c1a771eb8b339f34a73b0e43
SHA256

eede75177714132c06ed779a198681c87df0324d777c44e419dc4cf14748596d
SHA512

24af71c952cb3d8f319e2b4b574f060915f18f58102a9402337050e28efc90d9800df377f6cfd36f0bdaf7007820c408127a33843f86a1d4c03e65e347c2ac48
SSDEEP

12288:15g1AvBsUXtjIuR4dR/IvxS+G5N4hx1xQxAUftmw:1NvBsU9jwcx1xQxAUftmw

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  scan_doc_000_282.js
- Size
  
  395KB
- MD5
  
  9578235c402699cf68e0678083a5c6f8
- SHA1
  
  25fd2fe1dcbe2463c1a771eb8b339f34a73b0e43
- SHA256
  
  eede75177714132c06ed779a198681c87df0324d777c44e419dc4cf14748596d
- SHA512
  
  24af71c952cb3d8f319e2b4b574f060915f18f58102a9402337050e28efc90d9800df377f6cfd36f0bdaf7007820c408127a33843f86a1d4c03e65e347c2ac48
- SSDEEP
  
  12288:15g1AvBsUXtjIuR4dR/IvxS+G5N4hx1xQxAUftmw:1NvBsU9jwcx1xQxAUftmw
Score

10^/10

netsupport discovery execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryexecutionpersistencerat