netsupport | 0d9f0ac2a7b14bf072ce361a22eaf77d39264e78495881056edc4281cdc53e23 | Triage

Submit
Reports

Overview

overview

Static

static

4

ПЛАТЕ...19.pdf

windows7-x64

3

ПЛАТЕ...19.pdf

windows10-2004-x64

Sharing

General

Target

ПЛАТЕЖНА ІНСТРУКЦІЯ_00000819.pdf
Size

194KB
Sample

250212-nxcwkszldj
MD5

a2db279c2aac19c849312794c9adc306
SHA1

8447c865329546c5e47724982f387bd5db58920e
SHA256

0d9f0ac2a7b14bf072ce361a22eaf77d39264e78495881056edc4281cdc53e23
SHA512

145f3deba59e53d4151f3e8fdf1959bd242a1493ad09cfbcda83bdb1d25da8e5bc1730b1c709b30426bf8345632e1d5b16cdbfbba248d7757c374d94078c2f2a
SSDEEP

6144:rRzzkdi1pv2BdYgZ1VzkR9YQPfslTdCbBK:rJkdi1RkSk1VzkR9YQsqBK

Score

10^/10

netsupport discovery execution link pdf persistence qr rat

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ПЛАТЕЖНА ІНСТРУКЦІЯ_00000819.pdf

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

ПЛАТЕЖНА ІНСТРУКЦІЯ_00000819.pdf

Resource

win10v2004-20250211-en

netsupport discovery execution persistence rat

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  ПЛАТЕЖНА ІНСТРУКЦІЯ_00000819.pdf
- Size
  
  194KB
- MD5
  
  a2db279c2aac19c849312794c9adc306
- SHA1
  
  8447c865329546c5e47724982f387bd5db58920e
- SHA256
  
  0d9f0ac2a7b14bf072ce361a22eaf77d39264e78495881056edc4281cdc53e23
- SHA512
  
  145f3deba59e53d4151f3e8fdf1959bd242a1493ad09cfbcda83bdb1d25da8e5bc1730b1c709b30426bf8345632e1d5b16cdbfbba248d7757c374d94078c2f2a
- SSDEEP
  
  6144:rRzzkdi1pv2BdYgZ1VzkR9YQPfslTdCbBK:rJkdi1RkSk1VzkR9YQsqBK
Score

10^/10

discovery netsupport execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

netsupportdiscoveryexecutionpersistencerat

© 2018-2025

Terms | Privacy