Overview

overview

10

Static

static

4

ПЛАТЕ...18.pdf

windows7-x64

8

ПЛАТЕ...18.pdf

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ПЛАТЕЖНА ІНСТРУКЦІЯ_00000818.pdf

  • Size

    194KB

  • Sample

    250212-mntbjaxpfj

  • MD5

    cae56642c9652218a90cb9393ef4b1e5

  • SHA1

    e9644616a09e1d53ab5fcb1335459c270044890c

  • SHA256

    864c79228c2f3d6b15980dcb180585f7dbd7b4fe457c779e198cbf9164c25a6e

  • SHA512

    21e108daeae1df8ff0ccd0d28da179ec40605b848348774ab9cf93bfec0a52e62d8dbbfa9a48cdda431e31f4827fc628725d32d9b040453396bebd96581c6d7d

  • SSDEEP

    6144:rhzzkdi1pv2BdYgZ1VzkR9YYPfslTdCbBW:rZkdi1RkSk1VzkR9YYsqBW

Score
10/10
netsupportdiscoveryexecutionlinkpdfpersistenceqrrat

Malware Config

Targets

    • Target

      ПЛАТЕЖНА ІНСТРУКЦІЯ_00000818.pdf

    • Size

      194KB

    • MD5

      cae56642c9652218a90cb9393ef4b1e5

    • SHA1

      e9644616a09e1d53ab5fcb1335459c270044890c

    • SHA256

      864c79228c2f3d6b15980dcb180585f7dbd7b4fe457c779e198cbf9164c25a6e

    • SHA512

      21e108daeae1df8ff0ccd0d28da179ec40605b848348774ab9cf93bfec0a52e62d8dbbfa9a48cdda431e31f4827fc628725d32d9b040453396bebd96581c6d7d

    • SSDEEP

      6144:rhzzkdi1pv2BdYgZ1VzkR9YYPfslTdCbBW:rZkdi1RkSk1VzkR9YYsqBW

    Score
    10/10
    discoveryexecutionpersistencenetsupportrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks