General

  • Target

    3a0952208cc492c33adfdc76a76658ce8da84151cf16b28bb374978f197cb0e2.zip

  • Size

    1.9MB

  • Sample

    250325-xgzj3strv4

  • MD5

    f29b8e58ce47ec1deee3669f8633a157

  • SHA1

    ca0a44fe074ef12c315e0b96f9ca37e86860c416

  • SHA256

    3a0952208cc492c33adfdc76a76658ce8da84151cf16b28bb374978f197cb0e2

  • SHA512

    4909782a7881eb9d3a6637a912a8fc5562d1c1eb3272c0683ccba2e1d98d5086e24403f7d2acaf40a841aed4c3171fed9fd4b0ea8365dca36fa2dc8341be75df

  • SSDEEP

    49152:JRDMvFui7Xi+XoRQAdrcwufRZ5sfI7eU6KE2EKZMW8TY2TxVs:JRDMvQiLXoB2PfRZ5CICU6KHHZ9cPns

Malware Config

Targets

    • Target

      17264370c9ff4397dd46337197a100b74a656b65718b6db9f3fd5a3a1bbeceb6.exe

    • Size

      1.9MB

    • MD5

      85fd24c38b6623fa4797cd59e8385a12

    • SHA1

      70ea05f032ebb27ce6e30712a1b8d1b5482722a8

    • SHA256

      17264370c9ff4397dd46337197a100b74a656b65718b6db9f3fd5a3a1bbeceb6

    • SHA512

      5393fb41143a211684947f24d5d26c4478eddb989d723cac3301dc16b1a318c34538699a44d766597bdfdc210962ce4a7286758d03f9c47dcce4dd7bb9d34de3

    • SSDEEP

      49152:dMYglK/V+UA15JEKnBPEDY08BTGvSNESvg5:dvH/VxgEKneY/BTXNESo5

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks