Overview

overview

10

Static

static

3

tzz1/AudioCapture.dll

windows7-x64

3

tzz1/AudioCapture.dll

windows10-2004-x64

3

tzz1/DMAppsRes.dll

windows10-2004-x64

1

tzz1/ETWCo...es.dll

windows10-2004-x64

1

tzz1/HTCTL32.dll

windows7-x64

3

tzz1/HTCTL32.dll

windows10-2004-x64

3

tzz1/MapCo...es.dll

windows10-2004-x64

1

tzz1/Micro...er.dll

windows10-2004-x64

1

tzz1/PCICHEK.dll

windows7-x64

3

tzz1/PCICHEK.dll

windows10-2004-x64

3

tzz1/PCICL32.dll

windows7-x64

3

tzz1/PCICL32.dll

windows10-2004-x64

3

tzz1/Phone...es.dll

windows10-2004-x64

1

tzz1/PhoneutilRes.dll

windows10-2004-x64

1

tzz1/TCCTL32.dll

windows7-x64

3

tzz1/TCCTL32.dll

windows10-2004-x64

3

tzz1/bridgeres.dll

windows10-2004-x64

1

tzz1/client32.exe

windows7-x64

10

tzz1/client32.exe

windows10-2004-x64

10

tzz1/comres.dll

windows10-2004-x64

1

tzz1/dmdskres.dll

windows10-2004-x64

1

tzz1/dmdskres2.dll

windows10-2004-x64

1

tzz1/imageres.dll

windows10-2004-x64

1

tzz1/imagesp1.dll

windows10-2004-x64

1

tzz1/iologmsg.dll

windows10-2004-x64

1

tzz1/lltdres.dll

windows10-2004-x64

1

tzz1/moricons.dll

windows10-2004-x64

1

tzz1/msprivs.dll

windows10-2004-x64

1

tzz1/msvcr100.dll

windows7-x64

3

tzz1/msvcr100.dll

windows10-2004-x64

3

tzz1/msxml3r.dll

windows10-2004-x64

1

tzz1/msxml6r.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7eb7a0ed01e80adb89b192b7876cafda055c00c1c5ce94d1a2f2f6f356643a32.zip

  • Size

    2.1MB

  • Sample

    250326-mvwp8sxkv6

  • MD5

    9adea3c9de85eb17530fec3431edb0a8

  • SHA1

    63cb4ee5a22ee310574f72bf28748608e57a7ee3

  • SHA256

    7eb7a0ed01e80adb89b192b7876cafda055c00c1c5ce94d1a2f2f6f356643a32

  • SHA512

    3aa8d9d04ed0094e3109de78a57005cc23d1a2b26dfeee5c00998396ab55696672add434bef79f8bd059fe773bda5abd7e8490f3a5c6b231eca7c302232cbae8

  • SSDEEP

    49152:AjW0xxpYrp7FVhEBNO9GAeuAGW4XpY2F8cMUCFQOJK02Wx8mWLawS6K:AqGHShENOzeuAGrXnF6uol564oK

Score
10/10
netsupportdiscoveryrat

Malware Config

Targets

    • Target

      tzz1/AudioCapture.dll

    • Size

      91KB

    • MD5

      4182f37b9ba1fa315268c669b5335dde

    • SHA1

      2c13da0c10638a5200fed99dcdcf0dc77a599073

    • SHA256

      a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8

    • SHA512

      4f22ad5679a844f6ed248bf2594af94cf2ed1e5c6c5441f0fb4de766648c17d1641a6ce7c816751f0520a3ae336479c15f3f8b6ebe64a76c38bc28a02ff0f5dc

    • SSDEEP

      1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      tzz1/DMAppsRes.dll

    • Size

      2KB

    • MD5

      c6505aff3f061aa51a6255ab43e81907

    • SHA1

      dca6f75566b30573b4df7138e41e8a8aa1f2bc4f

    • SHA256

      720474060eb76ff6835b30280cc0e735bdedfb822414823b9dd68c51b2a36285

    • SHA512

      5046c558c1a3cf9c108ca01ecdacf1de7f8124524920623f2d11b88102c0e480e507512e0f890f6b2d52d07cfe3e64ab28dc28800df19b486221fb9d1552acda

    Score
    1/10
    behavioral3

    • Target

      tzz1/ETWCoreUIComponentsResources.dll

    • Size

      2KB

    • MD5

      ee9cad75ccea298bc6972977bb0f7d87

    • SHA1

      e932fce3e3d7433ce07aaeface178555b5cef46f

    • SHA256

      e3d78b6b2dff753c979c9b54a1461a4d4542d83410c6a15dc97b3f84c3014fdc

    • SHA512

      0aa1e401429ea31b50ac39d621b81e76f1e91f322f9f5c9ff302f15b1d8c7bbc27465cafc50f5d6f20eaef4b41ac101c50d0fccf9ab5a5ab228bc3ddb36fc003

    Score
    1/10
    behavioral4

    • Target

      tzz1/HTCTL32.DLL

    • Size

      320KB

    • MD5

      2d3b207c8a48148296156e5725426c7f

    • SHA1

      ad464eb7cf5c19c8a443ab5b590440b32dbc618f

    • SHA256

      edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796

    • SHA512

      55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c

    • SSDEEP

      6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      tzz1/MapControlStringsRes.dll

    • Size

      2KB

    • MD5

      751b20887f8cd4c7dbe60c884406e684

    • SHA1

      e431e49afae48d4f99312cdfcd0d28fc028bf5c0

    • SHA256

      66c2cf82e04f7ade1c3dec195f1260ac88fd23890e755263fc6100a8a293b048

    • SHA512

      1c3cb8e7ca91ec97faec279a39159442566210926b1b3f24a94760d542573933ee6c78eb2372de482970cbe9efd12c6536e47b3dced0b213fd55b8b9b4598953

    Score
    1/10
    behavioral7

    • Target

      tzz1/Microsoft-WindowsPhone-SEManagementProvider.dll

    • Size

      2KB

    • MD5

      013710ab6de262c6e342571f1798d8c2

    • SHA1

      a798ad46810e0799d36e20a84ae2564200fcb32d

    • SHA256

      ca68eff48f1e5b6158cd0f45571805717a8364a3d34ed469f4c9e76cfe88fada

    • SHA512

      d7bfc08e077c9fbbef1954700363094f3b993619af654e4e0764d81696cb7247d83d1ea2c0c82b381defde7fbaf782b3e8c8c28fbdc1f7b167c8cdb8d0f4d5ed

    Score
    1/10
    behavioral8

    • Target

      tzz1/PCICHEK.DLL

    • Size

      18KB

    • MD5

      a0b9388c5f18e27266a31f8c5765b263

    • SHA1

      906f7e94f841d464d4da144f7c858fa2160e36db

    • SHA256

      313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a

    • SHA512

      6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd

    • SSDEEP

      192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih

    Score
    3/10
    discovery
    behavioral10behavioral9

    • Target

      tzz1/PCICL32.DLL

    • Size

      3.5MB

    • MD5

      ad51946b1659ed61b76ff4e599e36683

    • SHA1

      dfe2439424886e8acf9fa3ffde6caaf7bfdd583e

    • SHA256

      07a191254362664b3993479a277199f7ea5ee723b6c25803914eedb50250acf4

    • SHA512

      6c30e7793f69508f6d9aa6edcec6930ba361628ef597e32c218e15d80586f5a86d89fcbee63a35eab7b1e0ae26277512f4c1a03df7912f9b7ff9a9a858cf3962

    • SSDEEP

      49152:xOHDe5Yr6tYA4S+DjdwfwBTNZaZQclSpmTIH:xOHDe5YrvS+tBQSEm

    Score
    3/10
    discovery
    behavioral11behavioral12

    • Target

      tzz1/PhoneServiceRes.dll

    • Size

      2KB

    • MD5

      9c4a672fb02b5df8eb8717d9a858cfb7

    • SHA1

      517927556b0baf4819f5b3c4a59a08bc2378775e

    • SHA256

      6d663799912f1771893e27314254afd862a408d897a52310769ace8170ab6cf2

    • SHA512

      922e15f22b27b81ea3aa2cb30dc00c7a64bd18ae4ecdb3b3dd17715f836947ce439b70e7c2c79ae434e32fcf8f8abf9c74dcccb51f97ba70a9e11461ccf68399

    Score
    1/10
    behavioral13

    • Target

      tzz1/PhoneutilRes.dll

    • Size

      2KB

    • MD5

      357441a9ff5db367551b5e856a9cd09a

    • SHA1

      ace6145456c8789f31ecafdbafd104cba0d64ec8

    • SHA256

      f4420763c56612be947935b9984c45496eef19921db6aa898cd4939308f17bf2

    • SHA512

      cf79e8d0742ed56afc82c948c902dc996619a137154f2deb058a70d2ffbfb324bd9cc0bb5b4146dc08a71ced5c479e66edea1781fab4115477c25a07cdb115d3

    Score
    1/10
    behavioral14

    • Target

      tzz1/TCCTL32.DLL

    • Size

      382KB

    • MD5

      405a7bca024d33d7d6464129c1b58451

    • SHA1

      22b64e211d96d773c510ac82e7a73f8debf4e4cd

    • SHA256

      092c3ec01883d3b4b131985b3971f7e2e523252b75f9c2470e0821505c4a3a83

    • SHA512

      3c8d4cbf377a8beb793c93b63d521ccd75167dec02da43bb91434cb6b0737ca2d61fa201f2825fd1a0ceaae768bb53d78f737e7c412aae83d3cdc748893f31e6

    • SSDEEP

      6144:/0pwbUb486Yu0LIFZf4TktH4aY384az44lstAZPVJ4hPueU12jXvbJaS0T9XjJpX:8pwbUb48Ju0LIFZf4Tk2aY3FasNAZtJp

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      tzz1/bridgeres.dll

    • Size

      2KB

    • MD5

      986a47df3c85d3b92874b5b1ec02c72b

    • SHA1

      c8399df5f584a0bd1b805d4cbfaaa6851ee3d4cc

    • SHA256

      a432aae81e3c7b6ad1ce9d33a98194015b1897868f00e84827409e7f427b5a5a

    • SHA512

      289ccf0b2e11f97064a4ce421d3d86247376214323fef5e98a8b8fde4d3a92bdc629352d857869a756ddcbc17894d3d6db893a1ac36a42bea174baa08693c383

    Score
    1/10
    behavioral17

    • Target

      tzz1/client32.exe

    • Size

      118KB

    • MD5

      a559b180e2eaa92da8a8ccd9ed42ae14

    • SHA1

      1cf9e47d1459143c2990cccbb97a989cfbb87fea

    • SHA256

      adc1763d5e1904244067bcf8e4d8a5b81ff1ec54b170c46ce770929f2058a140

    • SHA512

      ea58143f0a80c2ebcbc02cf804f7f18e7440711a66ae47fa5b930c26d4eca3138ae70ae39e2f6104f64cef6b899459b0e3c4b0bde09c4abe36d6cca7637f8b3a

    • SSDEEP

      768:X8j0+RvW6XhBBxUcnRWIDDDDDDDDDDDDDDDDADDDDDDDDDDDDDDDDDDDDDDXDJeJ:MpvWiLniepfxP91/bQxT4F

    Score
    10/10
    netsupportdiscoveryrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport
    behavioral18behavioral19

    • Target

      tzz1/comres.dll

    • Size

      2KB

    • MD5

      594dc05001c49200b6617fc002b9d271

    • SHA1

      93e7b081f7dec0e6ea40ee7959c48fb9ad252084

    • SHA256

      b10acd7aa94ffa1155816ebdad9e11f0723b1676a214d9a02306b6f7141f1325

    • SHA512

      bb25a876b5e09fc079f3006ebe95973ed61a5a9430a15b185b7732d406c340c821e01198067997cc08f93a52f0227548a1bd57bd8f2a2662d484d172e78fb3f2

    Score
    1/10
    behavioral20

    • Target

      tzz1/dmdskres.dll

    • Size

      2KB

    • MD5

      abd13543f3ca0d2d1bfdafcf550a21bf

    • SHA1

      239dffcb4dbd60fd64c6f160ce167471b34c1c21

    • SHA256

      b38c7f6c1e3d4eb5b7d07de0ba10528fd3455655efe01101deed8de77b81fc99

    • SHA512

      61f4e932a8d82c840577a4f2597d46eaa84fe44ba5e9c4a4366cb93c1767c0b6aae80657dddfc6428f58dcf1853becd0be74cbfaad85b04ea746e040b82d13e8

    Score
    1/10
    behavioral21

    • Target

      tzz1/dmdskres2.dll

    • Size

      2KB

    • MD5

      926a1c208563fde04e0de620ddcd416a

    • SHA1

      4459a5c370fdea9a0c01ff2912c14a9d006f14e3

    • SHA256

      ea9c8b84d5d1ed617b107bbfae664c3fc32d33f6e5c8cd3aeee7006cea499ac1

    • SHA512

      fe29e86399a2de8b13606e32b8e811599f790ee6b5c1ceae4bb1233fe02c18bcf15d282b720baa2a6f925e88062d690ea9d498b31949aa2df17d9dbd87ce2dca

    Score
    1/10
    behavioral22

    • Target

      tzz1/imageres.dll

    • Size

      2KB

    • MD5

      620c454d6138083f146cd718cf3003e2

    • SHA1

      155c86d26602058d21ce2cb0ba097292f4374d4a

    • SHA256

      67c93e5c99187db024be2ddbf26020911d1f6e8836ddb2da2e51a87228c3182b

    • SHA512

      c5cc55a32d29ed228982b16c1599e3293cd4540c67307837aab3dd5b7f46d5f858c60a7dc205fd2ef62e2464ffc1da22a0949dd6cd861cccd477e1cc2596b258

    Score
    1/10
    behavioral23

    • Target

      tzz1/imagesp1.dll

    • Size

      2KB

    • MD5

      08b119c2db5ecd2b0b6f502487f3688b

    • SHA1

      def03a82ee71cf4727a8ba44284b676beca733a9

    • SHA256

      494b5be61b561db063677b15fa0093efde12edb921fb2b6fde8db9c50c5c9f47

    • SHA512

      b45581483c3af08f280e16491890fdbfbd7ed7c3fa62ad5a0acb10c3530c79221859565d5a8afb2eee2f649b83a65cd19ababe2041e5b11e5f87ce01f67095da

    Score
    1/10
    behavioral24

    • Target

      tzz1/iologmsg.dll

    • Size

      2KB

    • MD5

      39f3f6991d8bde8854a35eaee28174c4

    • SHA1

      204b396412eeb02595a175dae700072c0836b51d

    • SHA256

      b265cf7cd05d4553127745a779faad94338e7e5ac1b9042abc66c1c4b30950fc

    • SHA512

      8ce9756ac95179652b7c814cf6fa9f360ac34cc8fd78c60c242535068f0bd6b48c4a69115f6b4882705048c1aca638d4092d691a7a24a29f4efff471b6ddaacc

    Score
    1/10
    behavioral25

    • Target

      tzz1/lltdres.dll

    • Size

      2KB

    • MD5

      aefa87d7f5ed0e36f47328e719828b4f

    • SHA1

      6d1b5499984837496307992aa4744fa7d630d900

    • SHA256

      4f63d2ee31a9ef6c75a217822b97fddc489c29f263ba6bf935a480cfc82e9abc

    • SHA512

      c7889548948c18e7743047bb78bed496a1a9b4ecac36fb3b3bbba2cb04159ca70d5ff9fe3691fddaa490647b72fd8f12e296a1f6b2ec63f9cebf2d4c215fc4bf

    Score
    1/10
    behavioral26

    • Target

      tzz1/moricons.dll

    • Size

      2KB

    • MD5

      d06109b78a02cc8ce0d985bbf6bb0944

    • SHA1

      3a4cd66421092faab47cc9c3a38bd883f98fbfb3

    • SHA256

      c0b2cfee062de6cd55db9478def456855f8beb2e7e7fec8103ee6016dffb203d

    • SHA512

      ab4208687d1b91235f7493c20a3134cca12d32198f4f18c9e3923ba3960523bda5efe082294773f1f0a47e31fdcdd9b1c8eaf6fe859dece18c8b969f4d376b73

    Score
    1/10
    behavioral27

    • Target

      tzz1/msprivs.dll

    • Size

      2KB

    • MD5

      c478dd12b3c32e27dae46a3e2dba5d85

    • SHA1

      f3f640cf779c7901adf55844115f02d8c951675b

    • SHA256

      bcf51507b50e6d367137fdaaa471f5a08de3b398302b42fdea02fd7d00a487c7

    • SHA512

      85393456093bf692656616af62a5d3f59342b03d1899f8af782c70a08bd77c72809d0514fca86b047b27047f39ed42ddc4d38a3213561c7c5a8d62cf0e61ed9d

    Score
    1/10
    behavioral28

    • Target

      tzz1/msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    Score
    3/10
    discovery
    behavioral29behavioral30

    • Target

      tzz1/msxml3r.dll

    • Size

      2KB

    • MD5

      c6080b638d55b218ef04eb727e36884b

    • SHA1

      058a401af449efb381a1cfb8c26d443de0f0070b

    • SHA256

      7f8f4e839a504b9c20854fcb2050ff7ccf142ef9423db12e9d649365fd475437

    • SHA512

      eef2b621b82aff08b0f441dafc94a4056b4a458c97ff20a2177dce2f270658e96693a43b1304173fbbcd7552ceae9ce594338bde857a1f1a27c3206395230576

    Score
    1/10
    behavioral31

    • Target

      tzz1/msxml6r.dll

    • Size

      2KB

    • MD5

      7993880ea16b77154187b5fbaa32533b

    • SHA1

      dc960bf8f3c32a343ea86bde33c0a4a3359ef675

    • SHA256

      4a4da495d879dbf9ec902ed6e3a4b77c0ea2738afe595e3de195a9354ed3744b

    • SHA512

      d72aaccb5880cc6f65ac51656912b1435dbbef0dab1a14d9d06394fc18cff36bb64ee946ac3454bdb54ed83def8813f7473f0cb3472952b3e48b4049b0467b6f

    Score
    1/10
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

Score
1/10

behavioral18

netsupportdiscoveryrat
Score
10/10

behavioral19

netsupportdiscoveryrat
Score
10/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10