netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

nsm_vpro.zip
Size

2.6MB
Sample

250220-sgrf9axnbj
MD5

d25bfc48129f6474fbcf61fb7e3759fc
SHA1

e42e4a5dbb3af157597d6367647ec42a1f473441
SHA256

1d016c7c7f1420749bb5d7c1d265ff7bebc59f0cc4aa487e546d7eed7ea0154b
SHA512

78f9008390eb2d3d42398d8a0bf893135299838b0a5f4ac0c0a9cba706fd0c4734d1eb9da94de36a3f255845a15dec8aee3e0b5bd9eec6935dd11020ba8345cc
SSDEEP

49152:FINfCr5pRjlNmtJ+fiXsL3HYZuc72YDEaJPp+1zLAM/85dqCX:CNaVjlNq+aAoocaY4aJPpc3AM/85dqCX

Score

10^/10

Malware Config

Targets

- Target
  
  AudioCapture.dll
- Size
  
  76KB
- MD5
  
  2a82792f7b45d537edfe58eb758c1197
- SHA1
  
  a039182d4d1ef29c6d8c238f20f7b8218c28f90c
- SHA256
  
  05aa13a6c1d18f691e552f04a996960917202a322d0dacfd330e553ad56978ed
- SHA512
  
  c6c6799b386e0d6489d9346f1d403b03b9425572e7418a93a72c413a4b9413945aaf4ea97a7d7b65772e5e3f00cff65f180f6fef51a26d4fdc2ff063816b5386
- SSDEEP
  
  1536:96Y+zbZm8/v/k957pyPkLDfORFMTlrSWqNj5CdnTrioQ+ywlj5CdnTXZQ+8iA:96Y+HQ8/3k9RppYFclrLqNj5CdnTrIwp
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  HTCTL32.DLL
- Size
  
  306KB
- MD5
  
  3eed18b47412d3f91a394ae880b56ed2
- SHA1
  
  1b521a3ed4a577a33cce78eee627ae02445694ab
- SHA256
  
  13a17f2ad9288aac8941d895251604beb9524fa3c65c781197841ee15480a13f
- SHA512
  
  835f35af4fd241caa8b6a639626b8762db8525ccceb43afe8fffc24dffad76ca10852a5a8e9fc114bfbf7d1dc1950130a67037fc09b63a74374517a1f5448990
- SSDEEP
  
  6144:Jd0nVF1ZtRq6itu9i3uxUnNPhMKj8TwFIKhJ08fvF0dGhZUbol:JYZrokUnNPhMY8TwFIcJB0i
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  KBDTAM99.DLL
- Size
  
  7KB
- MD5
  
  ccc736781cf4a49f42cd07c703b3a18b
- SHA1
  
  6ad817d7e8b7e9dc978763305a4cd4f1ab9abb66
- SHA256
  
  000c4b5b50966634df58078511794f83690d693fccf2aca5c970c20981b29556
- SHA512
  
  39245c4ba554a5a178310af2b8578401360bf60efda427332249eca02d6d65e4b419270ba648e4ad36aacca810133f8e4404372dee98a3648c1e4a9b85dedccb
- SSDEEP
  
  96:Ze+NFyw5fGU1irzSJ39uEMpi4nKW8cWwBvv:ZrNgUiyJ393W8cWq
Score

1^/10
behavioral5
- Target
  
  PCICHEK.DLL
- Size
  
  27KB
- MD5
  
  e311935a26ee920d5b7176cfa469253c
- SHA1
  
  eda6c815a02c4c91c9aacd819dc06e32ececf8f0
- SHA256
  
  0038ab626624fa2df9f65dd5e310b1206a9cd4d8ab7e65fb091cc25f13ebd34e
- SHA512
  
  48164e8841cfc91f4cbf4d3291d4f359518d081d9079a7995378f970e4085b534f4bafc15b83f4824cc79b5a1e54457b879963589b1acbcfe727a03eb3dffd1c
- SSDEEP
  
  768:X52mBHj1XCdnJ8EriRGp9E+l/kaTj1XCdnJ8EZp9E+8iROA:JPBHj5CdnTrioQ+l/kaTj5CdnTZQ+8iX
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  PCICL32.DLL
- Size
  
  3.3MB
- MD5
  
  77b3988cbae5a2550caec42cc5e8ec35
- SHA1
  
  5fa1eeb60e881bfd82eb7c3d9e911587982aaa38
- SHA256
  
  650382fe6596c8dc0c1739713c2076d4ddff32d5c177210b1241550bb8148cfd
- SHA512
  
  480f3abef7b799bd604ba9825e2b8cf681e7850373761c579ef181607980d5159c225fb486996e3088f39662f873743d25b52368045d3ae5bd8d45e44d1e8bec
- SSDEEP
  
  49152:oOelFBtdIVwi6FXg334cdqfs5Q9DTroafCcOSENKAZ370T:oOwFBte6BgHOE5gRMSxAZ6
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  TsUsbRedirectionGroupPolicyExtension.dll
- Size
  
  13KB
- MD5
  
  d89cda3ff8427da82de6cce39008c5bc
- SHA1
  
  33889517517b8953707796d12d6907b039c715d1
- SHA256
  
  f44cc1e23d0d192dcfd84069b27704cd0b2a8e7720eee43656f57cb474433762
- SHA512
  
  4a73be7228960719236f39abc6dba7741498d3a3539f7bcc31b6d28a2574e41e4f85e6c2e0fbcffe9ba3b6a646fa3fa078adc0a53c46a4676b871fb92e11fe4f
- SSDEEP
  
  192:wWMcTgQEri3hPkpzRK7KVM6cqm+saSLysnlsam4oIWa+W8:wWpTgTu3ypzRo61mVag9Jm4oIWa+W
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral10
- Target
  
  WiaExtensionHost64.dll
- Size
  
  11KB
- MD5
  
  5d084613c0e5c8c3022d9e0f316b0e23
- SHA1
  
  784dd38d9e553eb4b8955320fb596ae4e6854f23
- SHA256
  
  07bc4dc48d5d9bcc2ce52ca8a0f925ca021092dc34cb811e183cbc0d32e576ba
- SHA512
  
  263d3de392b5a4e40e9fbd791062b2731f27410e977dbdacb61810d1a1c2cf24658d8abf5d09a99a18ff7a87c122d9b6744d40723c1637621c5feb327fad752a
- SSDEEP
  
  192:A21YiMppUPSz/pO6IsVTHzdZpCIdglelWWaCtW:AviMppB/w6NTTbXlWWaCtW
Score

1^/10
behavioral11
- Target
  
  client32.exe
- Size
  
  117KB
- MD5
  
  1c19c2e97c5e6b30de69ee684e6e5589
- SHA1
  
  5734ef7f9e4dba0639c98881e00f03eea35a62ee
- SHA256
  
  312a0e4db34a40cb95ba1fac8bf87deb45d0c5f048d38ac65eb060273b07df67
- SHA512
  
  ab7240b81be04f1bced47701a5791bbeedcba6037ee936327478c304aa1ce5ae75856ca7f568f909f847e27db2a6b9c08db7cc1057a18fab14a39a5854f15cba
- SSDEEP
  
  768:mfVZl6FhWr80/Lqar2pe/KLKFKcMkuNr2pe/PNKFKcMkM:m70hGTqaee/CIr4ee/VIrI
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral12 behavioral13
- Target
  
  comcat.dll
- Size
  
  10KB
- MD5
  
  835ff05a3f5e16e0fe41e515ea398bd4
- SHA1
  
  e025cb17bbb01a1b5715ebbc745272a8611dae6c
- SHA256
  
  8dcfb1e6aa965df4bd4c0551d03bdfd6472c80219ada4671910958688fbb4ab6
- SHA512
  
  e6a7002316b05759c433b3e0516843a14199ee4b23315d799b533a52f9932f4715fc8aa5fae96892901ac67f0dae6d239eb37fc722558cb7c9dd906564719cd1
- SSDEEP
  
  96:j6cuh8B0DNcU2QD6SNkdSWn+smK/4W70ADlqNXEWPT0lF+WwUL:jLuTkDSNkQ+h4WoADlBW7a+W
Score

1^/10
behavioral14
- Target
  
  getuname.dll
- Size
  
  11KB
- MD5
  
  91c68038bfc064ea8fb6d432acd38ee0
- SHA1
  
  4df7e33b6e325f31231eaaab366e2e710955babb
- SHA256
  
  68de057c4175d4c94afa2acb2abc1a9ccac04a3ceb8e84c33f7f414bb8b0eeb6
- SHA512
  
  002aef67593058c88b980a4107f1ca4ddfec5268456f76d1d358179e00ea2a0cd64c93fb31a7e78055885cfd508c90a7b19c6c6fa7a5a3c3ffa305677a0955d2
- SSDEEP
  
  192:f3emo46V4w9263FeVpszrEc3YDtmWIdW:Vocw99e8YRmWIdW
Score

1^/10
behavioral15
- Target
  
  ifsutilx.dll
- Size
  
  16KB
- MD5
  
  27a7213091cda31e84967bead4d29bd1
- SHA1
  
  e705e0fd25167c8cdaf984f067e3bdf4be8558d3
- SHA256
  
  42214053995b6188b2e20935ca8c92af77639f0d5541a132920a5cba2cfcbde6
- SHA512
  
  a16ee540cad2661f3d31071aed3b2f30ea5c0f068f51a350ef693fb83df30ce97ea4701714091ed0ef4a0806d908d93691beb0d8060b5ec73f62422477c8f3ce
- SSDEEP
  
  192:peIxDV4pntj/Hi3SbYMS9HERLChPjuARtNlvJy7VfYN7EcX2D1WsZW:peIxp4pntja35JExChjhtWYNZ2xWsZW
Score

1^/10
behavioral16
- Target
  
  f_000001
- Size
  
  268KB
- MD5
  
  0ff54325d32067bbbfaab2a068b06e84
- SHA1
  
  043f2e265bd76aa06dfe6eb1a14eba1331b65a0b
- SHA256
  
  d27c8a1736280fc804085a84a4fe9ac84e57470789d166a77542c77959f3ce40
- SHA512
  
  5f09de233599412dd102f93b77511c2e0d51dbf707778d161710102c98cf67efcac71718e154982758824e056f3d86bf2b4d323199edf6e876a8e63136d888ca
- SSDEEP
  
  1536:cMCBaHgY6Fe6Oqr4IKwXkMVHRk68xjxUl89xEHSZiggAP7DUja2RuKk2tHjLz9zM:cMCTtPAXMZawlzQDEuARWmEh
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  manual/Mss32.dll
- Size
  
  436KB
- MD5
  
  1f7c162a3e43bd6bbd65fa30b6659637
- SHA1
  
  c2df70e74dea01868502ca313db953a262460962
- SHA256
  
  3231d251c8aa4003b3b23196fe849b97c5ea3ac2d3549980e83bceb9078b4cf7
- SHA512
  
  06421027d20ed8e1cea53a31945f1cf2229114fa12ac45d2950f4c6efa45a48dc7a7b930d6efca93a506c7bd89bdf21e639a235412a67b30bacf2204b363c480
- SSDEEP
  
  12288:lmM3jKJyQwAx4xpFtHPRCEnpLt734nkk:H3j4wtvRh
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  manual/avformat-53.dll
- Size
  
  187KB
- MD5
  
  c5ccb86cd745746b9908031a54315f90
- SHA1
  
  d00147298fc236730a4076d5a03444ac970d053b
- SHA256
  
  ac1f83180e07ac2b3d1e6f80f94aee0b2591be13e8a1fe63998cf7f0a9f18f1e
- SHA512
  
  bcf3b40b241cba632d9fe15426d28f2ce4460523fcb1992d29ba2d85f9ee2973c7c23be0013319a973a11d2eafe882cf611d976ccb5e5877d393a035d652cbcf
- SSDEEP
  
  3072:sr928cq80ZkRaW391QjTnXPXFvbZ8/pLGVg+QwRlkR6j7lA8b:sr929YWaW3YjzpV8/YVg+wR6j7lv
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  manual/avutil-51.dll
- Size
  
  121KB
- MD5
  
  2a8b8a15a58edf3b443083ec29894e54
- SHA1
  
  b63a322d66472fbd2fb7723847af0f995bf9bf84
- SHA256
  
  84e6875f1869b8cfd73525f0c04f1bf2cf0d0d08b1226f62cfd44ff14fe0345d
- SHA512
  
  6209dc4e3ddfa585eea3cdb26fe1b731962be4a0e39b561de6d16451e48cfcf0459f474fab54f97babff87b969365895737f57d6a22c26b57cb3447230f0aaed
- SSDEEP
  
  3072:ifLOXurSBlfHfG2N1X5S4RvSCzdPV0VXkjf5dF:MElt3SsDdPVLjf5dF
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  manual/binkawin.asi
- Size
  
  54KB
- MD5
  
  f415f94065be11ed9a3b55a5d9baeae7
- SHA1
  
  7b19544d4977bc8d6e44613af17bbf28b301a02f
- SHA256
  
  1aba951f3d3de59aec6c3a77133241dac6949dd4b1d158a77b646ad1ec7c5371
- SHA512
  
  1c6b1d7f440b438a254bed691df2aeeef0c33664dec74a2b26625d3db9f6ce00535e3a3a72050398ace50fa599abc405bfb3d1db60480b4e74f66183bffad086
- SSDEEP
  
  1536:H3bvmwj9cj4644BAOpmE88YNxf9a8YXGFu0HXwbJoeQ3fr0:H3nj9o4644a2m78idc8LFu0HXm
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  manual/manual.htm
- Size
  
  80KB
- MD5
  
  15036497c764bb502abd48efbb1fac46
- SHA1
  
  8b2bfb63b247078767b101581e4c63a8ab8792da
- SHA256
  
  0b72ba493a432e307df3a21d59ac255d301f56cc602cbc19b8e05885339bdd77
- SHA512
  
  3a5ed6e54384e7cea58bfceff7f47a6eaaacab6f95130b96865de2003882a13d33b76923a5eec41a33575814489e0f598683ef8a62dafad305b51f7caa953a05
- SSDEEP
  
  1536:vIyp2DSWFvOo7txeogjFSlPYJ4nA2RnZavtUcmTUna:oEFSZc4A2RnZavecmT7
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  manual/mssmp3.asi
- Size
  
  70KB
- MD5
  
  ae0183c77404ac09270f44bb1a3e1204
- SHA1
  
  c70cf41b064c0e3ae698c93326b29ec630095c3f
- SHA256
  
  dd69f9509a50db36ea6f69f5f572c300dead7f0054801a255feb556e00a453ec
- SHA512
  
  e0c5587293719f43760bd2e9ec36c0a017d21de0452fb096ddd18f83339ba01c57a6fb49f8f20149290bb5e90c3c7cd5790493feb630769052d870c4be986b55
- SSDEEP
  
  1536:OWwX7EcZ4m2gD8p/nM3ZFpBU8Jk1Qyfn6Nw6S:OWwX75Z4mC/kFpBUgk1zfn6K
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  manual/mssvoice.asi
- Size
  
  149KB
- MD5
  
  ac55930ed33d9c3a6af4d398af5a9c89
- SHA1
  
  acdf9d6979615b680a6a30775e271cb08a594e35
- SHA256
  
  e99de0f5e95a70b84596a66aa1af8eb7f20cb9816e1fc67dbdd8f0feab1b26ac
- SHA512
  
  0da24ccb53a7b80dd8d35335adf29f9ef13c0b22de4eb0e4e45f1ce7c72f462e9a536eb640c30d3ad4b84956299b492502101ff86e1d9ce256e1a983f229f023
- SSDEEP
  
  3072:0NHep9vbLw51j8QYOQJBJgf56GrEJ9e9MLgSwI6atPC9wm5f:0NI9vYYxlgxc+MLgSwI6at6/
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Netsupport family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32