General

  • Target

    Chrome 134.0.6998.06076.js

  • Size

    272KB

  • Sample

    250327-md1mvssnw5

  • MD5

    42c7cb5bf47f4cb1bf513b50681bdfac

  • SHA1

    ccfbcb44daab190c51fd80c3064f435d44a46860

  • SHA256

    a6f1f68827303e655488c8d54b3be3ce8b1097f3ff374a2e4bc82ff96812781c

  • SHA512

    c2bff53ea8c1b09c2d034ca398d5f8ac409eb25c5aae96a84deba66bf5b151c665d9f9e76ae78dbff3c00a28ff9cf9dd89fb97ee8f8c411bd8c1a6e01e0c5db3

  • SSDEEP

    6144:hap3Ih6n/cSCP4wlyT/jd4OflUa2QGFmmaxJFa8FBIPI1fdAT2stiQw:hFlS4OfhsFmdv31fdA/tTw

Targets

    • Target

      Chrome 134.0.6998.06076.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Netsupport family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
