Overview

overview

10

Static

static

1

64e5b32569...05.exe

windows7-x64

10

64e5b32569...05.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ae306cdc7fb28fca941a4475d903f1bf1c793b1406224400f7df0f8a1d403fb.zip

  • Size

    6.5MB

  • Sample

    250326-jlg9pssp14

  • MD5

    4e484e7394f1ed53d18b5e8b1bb88091

  • SHA1

    b38ac0a6c4e5fc188661ceae2d2a5acb0f342061

  • SHA256

    6ae306cdc7fb28fca941a4475d903f1bf1c793b1406224400f7df0f8a1d403fb

  • SHA512

    cf4f058dfeeabd4a881e6cb2f18befa5b7da9ae4737bba731d65a9e0ff61ea6440e9be4ff4448187162c71c4cff0f9f836bf0f8f63df212174e5f17c4e8b407c

  • SSDEEP

    196608:uhfG9v3p4ZUSOI4i43bgUa3jy7/aJUXgaKp:uov3SWSOI4inUlgaI

Score
10/10
netsupportdiscoverypersistencerat

Malware Config

Targets

    • Target

      64e5b32569d9f0f8494b23e6ed44b0f5ab5fe96308751cf3c0b0bdbe82d88605.exe

    • Size

      7.0MB

    • MD5

      7b3fad053f48326b3d69ce2ef83baf38

    • SHA1

      304a1b55953b91822ee9b3eb4f8c6162eb39cf3e

    • SHA256

      64e5b32569d9f0f8494b23e6ed44b0f5ab5fe96308751cf3c0b0bdbe82d88605

    • SHA512

      0550fd571aed1a96a7925b4d3310bfb35132366cf48d072b6304a5337082c5d9b4c286e61a569c5152e9c1523894aad64a810aed6646cd1c86235bd42ddba9fb

    • SSDEEP

      196608:ad/tGPPLAczgTTgvlHcQZyu2WyYGqGgujZ+FT+8LsOxtl:uULJcT0vlHtZyu2FLv5jtotl

    Score
    10/10
    netsupportdiscoverypersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks