General

  • Target

    34f9665f6e9f5eae331a1a0fd3f9f07c4848aea1c9c3f9f57cc5a2cd44f4b0b2.exe

  • Size

    12.3MB

  • Sample

    250308-fza6rssly8

  • MD5

    497dd79c09ba9ff77464f13f08deefdc

  • SHA1

    0cb617498da151695bc98dae0c56daba1242238a

  • SHA256

    34f9665f6e9f5eae331a1a0fd3f9f07c4848aea1c9c3f9f57cc5a2cd44f4b0b2

  • SHA512

    d5cde52954aee49abb29bc55b2df0dc6605cd457115908d41cb0f5a4ca21edb240deeaadf2cd90a6e52f533429e1653374cc247b7b8ad87631e3443ebb0db9cb

  • SSDEEP

    393216:2SLRuwq3Obs2ClJ1+TtIiF7uARuAUax6F4JH:zduwq3ObRqJ1QtIIuAkax6F4JH

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
