Overview

overview

10

Static

static

4

ПЛАТЕ...39.pdf

windows7-x64

3

ПЛАТЕ...39.pdf

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ПЛАТЕЖНА ІНСТРУКЦІЯ_00000839.pdf

  • Size

    194KB

  • Sample

    250212-s3rddaxqav

  • MD5

    db8e8316048e649b02d50c34c1f863ee

  • SHA1

    38a55e869ba9a3810269e48b89c9f21fb66019ab

  • SHA256

    4b2273f9d069572785b46512708cc04f4fd5ffeaa17c1310bc4756ecc28549a0

  • SHA512

    7391c83f666b8373b1d37836c162d9ccf9c60de45b6dfecedfd3eb675aa4d6d720442afdaaf44027a7490ad61dad512e49e854f728b5351d6255e81e90822e43

  • SSDEEP

    6144:rpzzkdi1pv2BdYgZ1VzkR9YQPfslTdCbBm:rxkdi1RkSk1VzkR9YQsqBm

Score
10/10
netsupportdiscoveryexecutionlinkpdfpersistenceqrrat

Malware Config

Targets

    • Target

      ПЛАТЕЖНА ІНСТРУКЦІЯ_00000839.pdf

    • Size

      194KB

    • MD5

      db8e8316048e649b02d50c34c1f863ee

    • SHA1

      38a55e869ba9a3810269e48b89c9f21fb66019ab

    • SHA256

      4b2273f9d069572785b46512708cc04f4fd5ffeaa17c1310bc4756ecc28549a0

    • SHA512

      7391c83f666b8373b1d37836c162d9ccf9c60de45b6dfecedfd3eb675aa4d6d720442afdaaf44027a7490ad61dad512e49e854f728b5351d6255e81e90822e43

    • SSDEEP

      6144:rpzzkdi1pv2BdYgZ1VzkR9YQPfslTdCbBm:rxkdi1RkSk1VzkR9YQsqBm

    Score
    10/10
    discoveryexecutionnetsupportpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks