netsupport | a90d3e33a6c592ff22eff49ecc9cb35bb9308445eb1bc1481c82c9b1b0aa21a5 | Triage

Sharing

General

Target

a90d3e33a6c592ff22eff49ecc9cb35bb9308445eb1bc1481c82c9b1b0aa21a5.zip
Size

1.8MB
Sample

250327-ax6a8sxmx7
MD5

addc01dbac150e3e47ab23a6d6e969c9
SHA1

51210b94baeb6d0bc9464d0afbf0c5e681d2cc41
SHA256

a90d3e33a6c592ff22eff49ecc9cb35bb9308445eb1bc1481c82c9b1b0aa21a5
SHA512

b929178017b77cdfeff56f3311d458359d1988a94397250ea664bf4d6f73fdf51abdfb0c41d6532305670322c9cc99f12ad16045ed5c6aadf9f455e769ec9d13
SSDEEP

49152:XLBm1q2DN2REoRYyz9LmS1SklrYVXm/PP2B1CrlE7gWYibXe:bBmk/REqRP1ZlUmn+7CrPRibO

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  672eebccfb00a9a4cc11fec4232eff3c87f7870d1cef4c647d364801cab814ca.exe
- Size
  
  2.0MB
- MD5
  
  1a44217a97c294c528d5da09590e64e7
- SHA1
  
  a9de727fae19a1c953bbe6cfb559906428f09e52
- SHA256
  
  672eebccfb00a9a4cc11fec4232eff3c87f7870d1cef4c647d364801cab814ca
- SHA512
  
  42449580828f386daf00c68c6e2688c67e577dc921f035f1b487868eb928cdf0113953bf8bfdd9500ad82acbf417605e7e8b5196cff47c6c9377a33e5dc26134
- SSDEEP
  
  49152:KxcPjL9f3YkubCggt+k0F6eYClIKzEWHoimigmkV+:Kxcf9/YPbfrkI6e1VzEWHoiLgmkI
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat

behavioral2

netsupportdiscoveryrat