General

  • Target

    scan_doc_000_141.js

  • Size

    1.6MB

  • Sample

    250212-nywebazlgq

  • MD5

    a8a3337913cd100ad4da9fb60975c0ff

  • SHA1

    defb97bc90945fca1088020c5945fa421e8a4791

  • SHA256

    56f98c9823a1ca3bf3d1b7eca82780721e82836f03cb4507e0bc5b904265c805

  • SHA512

    b3669196fd4419548b62dee3224aa88b6f99348ef5f6719fd65699f16aa4cb72ab10ac2beaf78c84b67156b50f3373cf31539259bb926c2db50ccd251f7ec6d1

  • SSDEEP

    24576:Nsz6FvpOiHoN7sz6FvpOiHoN7z+Y7qJecKk9wTGHpAol7my69:Nsz6FvpOiHY7sz6FvpOiHY57qJevy69

Malware Config

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks