Overview

overview

10

Static

static

1

5c059a6d58...28.exe

windows7-x64

1

5c059a6d58...28.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c059a6d583afa2014badd301e7bb48a1b9d65ad64f9f91a334daeba23ba7828.exe

  • Size

    5.8MB

  • Sample

    250325-qcva8swxdx

  • MD5

    12afc85150014805837509fcfc32b84d

  • SHA1

    e9d2a1937a953994e49f47d766f3aad210a7ea24

  • SHA256

    5c059a6d583afa2014badd301e7bb48a1b9d65ad64f9f91a334daeba23ba7828

  • SHA512

    e531993a901f418d60a10c70e3f32a47955da11462f8c9a9025c09078c0ffec7cc697bc9dbd98c020650735d53bf5eb4bf666abcc68bdab96130aa2163517e75

  • SSDEEP

    98304:qd/eb1j56MtaOMMsiz8Y9fxLOIWw/ltGs0A8NZpcl+t9mjb6eZUpVbuhKm4LwalY:qd/eb1j56ibMMsA8YzOIWwp8NZp79k6F

Score
10/10
netsupportdiscoveryrat

Malware Config

Targets

    • Target

      5c059a6d583afa2014badd301e7bb48a1b9d65ad64f9f91a334daeba23ba7828.exe

    • Size

      5.8MB

    • MD5

      12afc85150014805837509fcfc32b84d

    • SHA1

      e9d2a1937a953994e49f47d766f3aad210a7ea24

    • SHA256

      5c059a6d583afa2014badd301e7bb48a1b9d65ad64f9f91a334daeba23ba7828

    • SHA512

      e531993a901f418d60a10c70e3f32a47955da11462f8c9a9025c09078c0ffec7cc697bc9dbd98c020650735d53bf5eb4bf666abcc68bdab96130aa2163517e75

    • SSDEEP

      98304:qd/eb1j56MtaOMMsiz8Y9fxLOIWw/ltGs0A8NZpcl+t9mjb6eZUpVbuhKm4LwalY:qd/eb1j56ibMMsA8YzOIWwp8NZp79k6F

    Score
    10/10
    netsupportdiscoveryrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks