netsupport | 82c169ee608c0150baa1be66697c5a05e77b391093fe8e6af147a0fd40eb4415 | Triage

Sharing

General

Target

12022025_1620_scan_doc_000_305.rar
Size

232KB
Sample

250212-ttcpasyrbv
MD5

0db451bff5560fdd0e36e4fa2549c48e
SHA1

37007712f585ec6ee692daeaca6a260d702100d8
SHA256

82c169ee608c0150baa1be66697c5a05e77b391093fe8e6af147a0fd40eb4415
SHA512

4696ba7e55999703219e4bce4e331f4cdcfd04358ff833197c38ec5795cd4f2a43a9c98c40f66918d9823702b7a0b1ac29acd65943afe7ae10c18bc7b93db64b
SSDEEP

3072:pqoOdIPrtXRyLqJW6eS8EW+grHbbLcn6AfgyqumOiPRzhTDHV98ZLCqRyeCFhaKm:UoOdAthyVE3XqilquSPl9dqR7oBr25

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  scan_doc_000_305.js
- Size
  
  1.6MB
- MD5
  
  f97ff50f3fecbfe1270d14037dd9b785
- SHA1
  
  64c914c9b6fe8b6c468b8b6c8ba40902fa9e0aec
- SHA256
  
  86f7ca41108760a58e32eabeb86c55c1e24ab9b00c5129656ad9b4b0bf0bbbb6
- SHA512
  
  196ccd20a0e2ee9d8422ac34745b63934be8195e38848a352ded648bedd5343838c8e644d3cf7b9d5143a9ea8739ddff06e94282d415efbc35b775da38ecf17b
- SSDEEP
  
  24576:0Cz4F9dM2f8frCz4F9dM2f8fd2iHkEdj9:0Cz4F9dM2furCz4F9dM2fudhEEr
Score

10^/10

execution persistence netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

netsupportdiscoveryexecutionpersistencerat