netsupport | e26ba05060518baeeb3775228cf9c12959e9ee3a25bd115e09b382b116d647cc | Triage

Sharing

General

Target

e26ba05060518baeeb3775228cf9c12959e9ee3a25bd115e09b382b116d647cc.zip
Size

2.1MB
Sample

250326-vj3y6s1mw5
MD5

b72c6546dd33a14a651fe7cad70bd09d
SHA1

645635b92670c100e810d8201645aef445204a05
SHA256

e26ba05060518baeeb3775228cf9c12959e9ee3a25bd115e09b382b116d647cc
SHA512

e7fb941705aafd4ce894ae83dd5e3e9e1c0863fbd3227700b28695ceb260ee25f0516ef2169ac725a9434c31a901181b2c01f378df8966ced4c023fb4e916109
SSDEEP

49152:5jW0xxRYrp7KVw469Y0CdS9tbezaSjp2BW79BfO+MBr96AD4:5qG7S2C99tbezP92BWaZhB4

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  71/AudioCapture.dll
- Size
  
  91KB
- MD5
  
  4182f37b9ba1fa315268c669b5335dde
- SHA1
  
  2c13da0c10638a5200fed99dcdcf0dc77a599073
- SHA256
  
  a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8
- SHA512
  
  4f22ad5679a844f6ed248bf2594af94cf2ed1e5c6c5441f0fb4de766648c17d1641a6ce7c816751f0520a3ae336479c15f3f8b6ebe64a76c38bc28a02ff0f5dc
- SSDEEP
  
  1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  71/HTCTL32.DLL
- Size
  
  320KB
- MD5
  
  2d3b207c8a48148296156e5725426c7f
- SHA1
  
  ad464eb7cf5c19c8a443ab5b590440b32dbc618f
- SHA256
  
  edfe2b923bfb5d1088de1611401f5c35ece91581e71503a5631647ac51f7d796
- SHA512
  
  55c791705993b83c9b26a8dbd545d7e149c42ee358ecece638128ee271e85b4fdbfd6fbae61d13533bf39ae752144e2cc2c5edcda955f18c37a785084db0860c
- SSDEEP
  
  6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  71/KBDURDU.DLL
- Size
  
  6KB
- MD5
  
  59e30a2594a3e76a4b8d8835190afb97
- SHA1
  
  cba348f45bb8c4d5cdd9d4a366b39120bff85cf5
- SHA256
  
  b41ed006e2cdcf00d8bb7d35d90b0519ec35bd5904e9a671391c811775df1b61
- SHA512
  
  41d6592a9b15edf5987e1fcd77156b40ace0a00a9f9fc427430063fb8e6d44277ffbd70f6d7224527d8d5af240060e609e9d8b87fd96268666695eadf8854dcf
- SSDEEP
  
  96:vjtXrcna5SwWMbofyNcTeDcWOCW/TqWwB:7tXrcnawzM0WFW/TqW4
Score

3^/10

discovery
behavioral5
- Target
  
  71/PCICHEK.DLL
- Size
  
  18KB
- MD5
  
  a0b9388c5f18e27266a31f8c5765b263
- SHA1
  
  906f7e94f841d464d4da144f7c858fa2160e36db
- SHA256
  
  313117e723dda6ea3911faacd23f4405003fb651c73de8deff10b9eb5b4a058a
- SHA512
  
  6051a0b22af135b4433474dc7c6f53fb1c06844d0a30ed596a3c6c80644df511b023e140c4878867fa2578c79695fac2eb303aea87c0ecfc15a4ad264bd0b3cd
- SSDEEP
  
  192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  71/PCICL32.DLL
- Size
  
  3.3MB
- MD5
  
  9fd51c744919c5970c9e36ce157e24e5
- SHA1
  
  7d8a27a7b1b8ed3018daba5c042f9afa7dceacf4
- SHA256
  
  26be62e3e4f391f0846de757b7f1c0f94307c90d4912c02a9219e334db97b265
- SHA512
  
  018cad3a4fad73ffca43e30772e45c58ddf1bc0822c2b12ba8b76c4ed74a073c750667278554ec3abd11ffe833d80b8b27cfd707831500b16bcc064f8d765cb4
- SSDEEP
  
  49152:V21hUCiNqyYPoWIyr/QMKJWHaiuVou4Iw6TClTaccwSEN2jXBQ:V2LUCiN1OZr/QHcuVbUlBSZFQ
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  71/TCCTL32.DLL
- Size
  
  387KB
- MD5
  
  60aea67e2659e1961369e04185c61adf
- SHA1
  
  3a786618a4bb174d7cabd2a4c44a3648155288b9
- SHA256
  
  8fd7f3eb1882755a8c5ba998409b20b240aed8ec025629b1679ea288ec2ae8aa
- SHA512
  
  9680ec392e3b3d887ba740d5bf50d4b73731128b91973a68d79362dd7eb7495aa0eedb8fdb954f6ce1c6d132b024fd67bac589f2fa2b2cdcc9565afeac5c9970
- SSDEEP
  
  12288:FpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNc:tpq7BaGIn4BbLneNc
Score

3^/10

discovery
behavioral10 behavioral11
- Target
  
  71/client32.exe
- Size
  
  117KB
- MD5
  
  a384eb33be4f98c4df33ac1b99d1c417
- SHA1
  
  94d786cd03f8dff56e4f97f5817894c482d5f6fa
- SHA256
  
  3acc40334ef86fd0422fb386ca4fb8836c4fa0e722a5fcfa0086b9182127c1d7
- SHA512
  
  c2ed6c0eec3922002ea55904bd935c54bcd317b5b3268dc4f02b0f0286bf0b54a4c23c834cf2e63e25de7f71244406aeca6801ad3794355432971f922583667d
- SSDEEP
  
  768:N6fVZl6FhWr80/SqUr2pe/3NPHDHf/ckkGr2pe/kPHDHf/ckS:070hGaq0ee/31jHZee/wjHm
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
behavioral12 behavioral13
- Target
  
  71/kbd101a.DLL
- Size
  
  7KB
- MD5
  
  e4f681853bd2257ec1212b2d2671985c
- SHA1
  
  3ef52e164b0ad479f0211dcef12d8a55a8bdd93f
- SHA256
  
  48add203079c73edcd05800b1a9b2e60c18a916a6e7e4c21be8fac3d6f60ab02
- SHA512
  
  35b36b45a59de3b243d2e77b754ba5e8f0ccd47bd5f5b02a80bca2080e0f45375f7223426612674794e67e42a2a1bec811739553f65b10de5382afb0a44eb90b
- SSDEEP
  
  96:vwKC1kenzketFbwXmybNcqDWrpMlWpHzFWwrP:HNenzketBs3W9FWm
Score

3^/10

discovery
behavioral14
- Target
  
  71/kbd101b.DLL
- Size
  
  7KB
- MD5
  
  62cca1467b39187ca5fbffede02b3895
- SHA1
  
  3f1c1bbb28a96522ab953c370e66c107c911201b
- SHA256
  
  3d166684470988e9f73250c62ae6e7ba9194acd2d3247aa772b8ffd4aef10fa8
- SHA512
  
  a5a903dd0da242f0b33a5887ab204956c93a1968c409dd2dbdf433024d12c14814135475fbbfa2976be16c25a484ec4ae11dd95dc065d5a16fe19fe2d784e836
- SSDEEP
  
  96:vzC1kenzketFbwXmybNcqDWrtayWwqe2WwrP:7NenzketBsKWi2Wm
Score

3^/10

discovery
behavioral15
- Target
  
  71/kbd101c.DLL
- Size
  
  7KB
- MD5
  
  ccac429694cac90d69625f749ace3106
- SHA1
  
  7c162e8b856df2f4b646e291b79f50d2b625a748
- SHA256
  
  1ce2ef4aca27191388e54d66726f415af5c921d5d29ec98d6e2a7eebd4d60358
- SHA512
  
  1ca16a8ca114bbbbce3c67d4e4261cc01879bab15547d5c3e9d8a2620d8a6bc3da49f1da850fa1ca60b693e80bebbabf3c0a94a311139fe9c76c590e95380fce
- SSDEEP
  
  96:v9C1kenzketFbwXmybNcqDWrCl1EWwtpHWwrP:lNenzketBsRl1EWSHWm
Score

3^/10

discovery
behavioral16
- Target
  
  71/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  71/pcicapi.dll
- Size
  
  32KB
- MD5
  
  dcde2248d19c778a41aa165866dd52d0
- SHA1
  
  7ec84be84fe23f0b0093b647538737e1f19ebb03
- SHA256
  
  9074fd40ea6a0caa892e6361a6a4e834c2e51e6e98d1ffcda7a9a537594a6917
- SHA512
  
  c5d170d420f1aeb9bcd606a282af6e8da04ae45c83d07faaacb73ff2e27f4188b09446ce508620124f6d9b447a40a23620cfb39b79f02b04bb9e513866352166
- SSDEEP
  
  768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  71/remcmdstub.exe
- Size
  
  71KB
- MD5
  
  c6b00dcc026bc1dbb7bace7859e18414
- SHA1
  
  bb83b12d3bb6c79d6b4c968de9b6e9f0ebf4beb7
- SHA256
  
  82a5b0a5f16eb2045e74726cea1af7eda7ce93125f1d2480afeb168587928f55
- SHA512
  
  5514496a21a07c6d03962df78a3a4ade54e6ffe8b2ebc646c016185251c95f0708bbf737377499acb7b31931e2bfb3b5aa94c34d269e267731bac85a8d2baf43
- SSDEEP
  
  1536:WfanvXuNOwphKuyUHTqYXHhrXH4xLIygAo4wbioQ+E5sw8LQ+8iAG:ganPSpAFUzt0xLIygDiYQDG
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  71/rendezvousSession.tlb
- Size
  
  6KB
- MD5
  
  6c59d7bcb042f58fd8b15a0c88d2f894
- SHA1
  
  a136ee065a7afe46df98522d7bee9cb5c38e25de
- SHA256
  
  37a739fa482fb686c50c2c57346bacfddcb5ccd686eac71a28d4a40c0d3a1763
- SHA512
  
  120c5febdf53de5cb6898708f0c856a06af84cc64ebaefa91d87f8894f2d27efbfc26043979606007e3c36a573ca550dbdd0b5544d0dcf61eb7611e2340c6252
- SSDEEP
  
  96:IuEW9ukWwaAz1Rrq3Gto0a08DmPJQ7aFfE/X2MGgl9fK:IjWAkWDANtE04fCQ9GgLfK
Score

1^/10
behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

netsupportdiscoveryrat

behavioral13

netsupportdiscoveryrat

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23