netsupport

Sharing

Copy URL

Twitter E-mail

General

Target

2mprext.zip
Size

3.9MB
Sample

250327-sxqjwswnx3
MD5

a164b787f105d100deddd4565fb03a91
SHA1

fef861817ef59ebb6728016114cbe084fd6d54b7
SHA256

4c048169e303dc3438e53e5abdec31b45b5184f05dc6d1bc39e18caa0e4a3f3e
SHA512

ceb1542d11f0936c3331d3f9348fced60ca004d0277f6bfdc9d2db5a26067173603e694890800e836063d959a8f3f9f410e29cd8ed80232b692955a5aa32280b
SSDEEP

98304:iNaVhf2UFphec4Qkeooc+tfU1KxLLCk1Vd6SI:iN+hvjec4teJftfYKxPXXdu

Score

10^/10

Malware Config

Targets

- Target
  
  AudioCapture.dll
- Size
  
  76KB
- MD5
  
  2a82792f7b45d537edfe58eb758c1197
- SHA1
  
  a039182d4d1ef29c6d8c238f20f7b8218c28f90c
- SHA256
  
  05aa13a6c1d18f691e552f04a996960917202a322d0dacfd330e553ad56978ed
- SHA512
  
  c6c6799b386e0d6489d9346f1d403b03b9425572e7418a93a72c413a4b9413945aaf4ea97a7d7b65772e5e3f00cff65f180f6fef51a26d4fdc2ff063816b5386
- SSDEEP
  
  1536:96Y+zbZm8/v/k957pyPkLDfORFMTlrSWqNj5CdnTrioQ+ywlj5CdnTXZQ+8iA:96Y+HQ8/3k9RppYFclrLqNj5CdnTrIwp
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  HTCTL32.DLL
- Size
  
  306KB
- MD5
  
  3eed18b47412d3f91a394ae880b56ed2
- SHA1
  
  1b521a3ed4a577a33cce78eee627ae02445694ab
- SHA256
  
  13a17f2ad9288aac8941d895251604beb9524fa3c65c781197841ee15480a13f
- SHA512
  
  835f35af4fd241caa8b6a639626b8762db8525ccceb43afe8fffc24dffad76ca10852a5a8e9fc114bfbf7d1dc1950130a67037fc09b63a74374517a1f5448990
- SSDEEP
  
  6144:Jd0nVF1ZtRq6itu9i3uxUnNPhMKj8TwFIKhJ08fvF0dGhZUbol:JYZrokUnNPhMY8TwFIcJB0i
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  KBDTAM99.DLL
- Size
  
  7KB
- MD5
  
  ccc736781cf4a49f42cd07c703b3a18b
- SHA1
  
  6ad817d7e8b7e9dc978763305a4cd4f1ab9abb66
- SHA256
  
  000c4b5b50966634df58078511794f83690d693fccf2aca5c970c20981b29556
- SHA512
  
  39245c4ba554a5a178310af2b8578401360bf60efda427332249eca02d6d65e4b419270ba648e4ad36aacca810133f8e4404372dee98a3648c1e4a9b85dedccb
- SSDEEP
  
  96:Ze+NFyw5fGU1irzSJ39uEMpi4nKW8cWwBvv:ZrNgUiyJ393W8cWq
Score

1^/10
behavioral5
- Target
  
  PCICHEK.DLL
- Size
  
  27KB
- MD5
  
  e311935a26ee920d5b7176cfa469253c
- SHA1
  
  eda6c815a02c4c91c9aacd819dc06e32ececf8f0
- SHA256
  
  0038ab626624fa2df9f65dd5e310b1206a9cd4d8ab7e65fb091cc25f13ebd34e
- SHA512
  
  48164e8841cfc91f4cbf4d3291d4f359518d081d9079a7995378f970e4085b534f4bafc15b83f4824cc79b5a1e54457b879963589b1acbcfe727a03eb3dffd1c
- SSDEEP
  
  768:X52mBHj1XCdnJ8EriRGp9E+l/kaTj1XCdnJ8EZp9E+8iROA:JPBHj5CdnTrioQ+l/kaTj5CdnTZQ+8iX
Score

3^/10

discovery
behavioral6 behavioral7
- Target
  
  PCICL32.DLL
- Size
  
  3.3MB
- MD5
  
  1274cca13cc5e37ca94d35e5b0673e89
- SHA1
  
  a8754c94f88273c304bc45a5afd61a383bb52117
- SHA256
  
  cd5510c8bc7ea60be77ad4aab502ee02d871bf4e917aeeb6921c20eebd9693dd
- SHA512
  
  52eafa31ee942dc92d0b8f52c12206f6abc1d5fae799b37b371e97c38ce66bd0693263de86b4880748ba1405054701288caf2cd00cd327edc164e1390cf9191c
- SSDEEP
  
  49152:MTKIG4K8I37tlHf2ikvy7V/lE8gHT4RaCg6cOWSbWc/id:MTKIG4D+tlHfnR/lE8tHgkWSP/i
Score

3^/10

discovery
behavioral8 behavioral9
- Target
  
  TsUsbRedirectionGroupPolicyExtension.dll
- Size
  
  13KB
- MD5
  
  d89cda3ff8427da82de6cce39008c5bc
- SHA1
  
  33889517517b8953707796d12d6907b039c715d1
- SHA256
  
  f44cc1e23d0d192dcfd84069b27704cd0b2a8e7720eee43656f57cb474433762
- SHA512
  
  4a73be7228960719236f39abc6dba7741498d3a3539f7bcc31b6d28a2574e41e4f85e6c2e0fbcffe9ba3b6a646fa3fa078adc0a53c46a4676b871fb92e11fe4f
- SSDEEP
  
  192:wWMcTgQEri3hPkpzRK7KVM6cqm+saSLysnlsam4oIWa+W8:wWpTgTu3ypzRo61mVag9Jm4oIWa+W
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral10
- Target
  
  WiaExtensionHost64.dll
- Size
  
  11KB
- MD5
  
  5d084613c0e5c8c3022d9e0f316b0e23
- SHA1
  
  784dd38d9e553eb4b8955320fb596ae4e6854f23
- SHA256
  
  07bc4dc48d5d9bcc2ce52ca8a0f925ca021092dc34cb811e183cbc0d32e576ba
- SHA512
  
  263d3de392b5a4e40e9fbd791062b2731f27410e977dbdacb61810d1a1c2cf24658d8abf5d09a99a18ff7a87c122d9b6744d40723c1637621c5feb327fad752a
- SSDEEP
  
  192:A21YiMppUPSz/pO6IsVTHzdZpCIdglelWWaCtW:AviMppB/w6NTTbXlWWaCtW
Score

1^/10
behavioral11
- Target
  
  cache/avformat-53.dll
- Size
  
  187KB
- MD5
  
  c5ccb86cd745746b9908031a54315f90
- SHA1
  
  d00147298fc236730a4076d5a03444ac970d053b
- SHA256
  
  ac1f83180e07ac2b3d1e6f80f94aee0b2591be13e8a1fe63998cf7f0a9f18f1e
- SHA512
  
  bcf3b40b241cba632d9fe15426d28f2ce4460523fcb1992d29ba2d85f9ee2973c7c23be0013319a973a11d2eafe882cf611d976ccb5e5877d393a035d652cbcf
- SSDEEP
  
  3072:sr928cq80ZkRaW391QjTnXPXFvbZ8/pLGVg+QwRlkR6j7lA8b:sr929YWaW3YjzpV8/YVg+wR6j7lv
Score

3^/10

discovery
behavioral12 behavioral13
- Target
  
  cache/avutil-51.dll
- Size
  
  121KB
- MD5
  
  2a8b8a15a58edf3b443083ec29894e54
- SHA1
  
  b63a322d66472fbd2fb7723847af0f995bf9bf84
- SHA256
  
  84e6875f1869b8cfd73525f0c04f1bf2cf0d0d08b1226f62cfd44ff14fe0345d
- SHA512
  
  6209dc4e3ddfa585eea3cdb26fe1b731962be4a0e39b561de6d16451e48cfcf0459f474fab54f97babff87b969365895737f57d6a22c26b57cb3447230f0aaed
- SSDEEP
  
  3072:ifLOXurSBlfHfG2N1X5S4RvSCzdPV0VXkjf5dF:MElt3SsDdPVLjf5dF
Score

3^/10

discovery
behavioral14 behavioral15
- Target
  
  cache/binkawin.asi
- Size
  
  54KB
- MD5
  
  f415f94065be11ed9a3b55a5d9baeae7
- SHA1
  
  7b19544d4977bc8d6e44613af17bbf28b301a02f
- SHA256
  
  1aba951f3d3de59aec6c3a77133241dac6949dd4b1d158a77b646ad1ec7c5371
- SHA512
  
  1c6b1d7f440b438a254bed691df2aeeef0c33664dec74a2b26625d3db9f6ce00535e3a3a72050398ace50fa599abc405bfb3d1db60480b4e74f66183bffad086
- SSDEEP
  
  1536:H3bvmwj9cj4644BAOpmE88YNxf9a8YXGFu0HXwbJoeQ3fr0:H3nj9o4644a2m78idc8LFu0HXm
Score

3^/10

discovery
behavioral16 behavioral17
- Target
  
  client32.exe
- Size
  
  117KB
- MD5
  
  1c19c2e97c5e6b30de69ee684e6e5589
- SHA1
  
  5734ef7f9e4dba0639c98881e00f03eea35a62ee
- SHA256
  
  312a0e4db34a40cb95ba1fac8bf87deb45d0c5f048d38ac65eb060273b07df67
- SHA512
  
  ab7240b81be04f1bced47701a5791bbeedcba6037ee936327478c304aa1ce5ae75856ca7f568f909f847e27db2a6b9c08db7cc1057a18fab14a39a5854f15cba
- SSDEEP
  
  768:mfVZl6FhWr80/Lqar2pe/KLKFKcMkuNr2pe/PNKFKcMkM:m70hGTqaee/CIr4ee/VIrI
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral18 behavioral19
- Target
  
  comcat.dll
- Size
  
  10KB
- MD5
  
  835ff05a3f5e16e0fe41e515ea398bd4
- SHA1
  
  e025cb17bbb01a1b5715ebbc745272a8611dae6c
- SHA256
  
  8dcfb1e6aa965df4bd4c0551d03bdfd6472c80219ada4671910958688fbb4ab6
- SHA512
  
  e6a7002316b05759c433b3e0516843a14199ee4b23315d799b533a52f9932f4715fc8aa5fae96892901ac67f0dae6d239eb37fc722558cb7c9dd906564719cd1
- SSDEEP
  
  96:j6cuh8B0DNcU2QD6SNkdSWn+smK/4W70ADlqNXEWPT0lF+WwUL:jLuTkDSNkQ+h4WoADlBW7a+W
Score

1^/10
behavioral20
- Target
  
  getuname.dll
- Size
  
  11KB
- MD5
  
  91c68038bfc064ea8fb6d432acd38ee0
- SHA1
  
  4df7e33b6e325f31231eaaab366e2e710955babb
- SHA256
  
  68de057c4175d4c94afa2acb2abc1a9ccac04a3ceb8e84c33f7f414bb8b0eeb6
- SHA512
  
  002aef67593058c88b980a4107f1ca4ddfec5268456f76d1d358179e00ea2a0cd64c93fb31a7e78055885cfd508c90a7b19c6c6fa7a5a3c3ffa305677a0955d2
- SSDEEP
  
  192:f3emo46V4w9263FeVpszrEc3YDtmWIdW:Vocw99e8YRmWIdW
Score

1^/10
behavioral21
- Target
  
  ifsutilx.dll
- Size
  
  16KB
- MD5
  
  27a7213091cda31e84967bead4d29bd1
- SHA1
  
  e705e0fd25167c8cdaf984f067e3bdf4be8558d3
- SHA256
  
  42214053995b6188b2e20935ca8c92af77639f0d5541a132920a5cba2cfcbde6
- SHA512
  
  a16ee540cad2661f3d31071aed3b2f30ea5c0f068f51a350ef693fb83df30ce97ea4701714091ed0ef4a0806d908d93691beb0d8060b5ec73f62422477c8f3ce
- SSDEEP
  
  192:peIxDV4pntj/Hi3SbYMS9HERLChPjuARtNlvJy7VfYN7EcX2D1WsZW:peIxp4pntja35JExChjhtWYNZ2xWsZW
Score

1^/10
behavioral22
- Target
  
  libEGL.dll
- Size
  
  493KB
- MD5
  
  4291d4ba9edbcf567fb9f2397c168431
- SHA1
  
  9903889a223dd4083ad011060d3b9fcefa34953f
- SHA256
  
  fd626c18e2c6ae437d288dfb5a9f4039bd5a3a68d01183a18cc25fb37ca48cd7
- SHA512
  
  fab2151159973e6ce6ef8759548a44be8d09ca7577c451391c26d7d384f2efebfc0554b14e9fafa53428adf8f61deb27b32d001a58b2d94b1e1af20023caf26d
- SSDEEP
  
  12288:i4ufaxKM0UUQLjS2K0oa2fVE1M8mCL55ZHb3:/xKM0UUPooFa5ZHT
Score

1^/10
behavioral23
- Target
  
  libssp-0.dll
- Size
  
  15KB
- MD5
  
  d37b46aaa0276d199d13ddbc06b53fb6
- SHA1
  
  5b37e302e826488bca5f29a1fe6c9d3e3037979e
- SHA256
  
  e1b206a63410bdb6d91a7a61941e7329b3309d93d43b4a1d35df890713c0a1f1
- SHA512
  
  819a5cd39f61f2de2203029fc2788612a2355b85c7f9f499a9e72cb4ef5c182610d72e8a0a592eac9e006853e5fd993ea471d5d1f2be5af9ea5367e3e2d8f7b0
- SSDEEP
  
  192:sYRdUKvxkxqf6JAHTRhrrgDdVnwqKfIPf+91wjQtOqH7UaG8xBtq:lRdfEOpzRhr0frckf+PhtOqbBxBtq
Score

1^/10
behavioral24 behavioral25
- Target
  
  libwinpthread-1.dll
- Size
  
  54KB
- MD5
  
  ec5d913ae28217edee26445e1c151aa5
- SHA1
  
  db042629b0d6dfe7281fcd773c51e7e9d2304a60
- SHA256
  
  1328d7628ec5aeeb2ed7489cc1a3b11a242018d30e073e530356f0c1756505ca
- SHA512
  
  7b9b234da3061431488e3ac24c5e2a9842e00c8c57fc19ff34a32c32cac32707a7c40f4ad2b1b835b23e43a2c74ccd78b127af737126f33ca3d961d3e31d121c
- SSDEEP
  
  768:JH2fEUrzSpNTGxJRo4ajA1/0BiqMw+iescZ7SzORRRMwRHrzPm3YTL3dU:QfFrixgaU1Zp7xvHzPm3YPdU
Score

1^/10
behavioral26 behavioral27
- Target
  
  mprext.dll
- Size
  
  13KB
- MD5
  
  0eabd6ab464758f058fc039a47f61750
- SHA1
  
  51bc562a59e565e3f39a54e4c788896b8803354b
- SHA256
  
  f96e8d99b736e4ce7997bb1de65d88c32e16f1f725d8bd98f52c39a02969fd87
- SHA512
  
  f5a038615ecbb72072ef2a72d166cabbfd26aa879f28c911a26db71581cb8b93b7554b1cfa1517b063fdc5f942281e7d409e70c998b8273fe9ee6a0fc61a00fb
- SSDEEP
  
  192:t2sVilvoSG4X6ryFKdEwFQnuyfc38EcX6mWf3W:t7Vilvo74XAyOFQfc3U6mWf3W
Score

1^/10
behavioral28
- Target
  
  msidle.dll
- Size
  
  11KB
- MD5
  
  b1c1bb1ef2ac2d739aeaed77c33c1848
- SHA1
  
  efa181a1ea01e02cd44614f80259ce794b7a455c
- SHA256
  
  cd8d7caebfeb4eb9124ba3e025aff68dde554a8dd6b3365654bf936200c4e563
- SHA512
  
  f4e24c508248e6f331aa16ed01c7cdc6cebbc4cd09dfa9f511d02544e2c04eb36c9480ae71d9ddef039a1e9d6e0324179a9ba0f1c323e20c4bbf813a154e2fc0
- SSDEEP
  
  192:PtHC6MRyx1TTmcWOznzYuhcGZtEclABY5Wx46QuW:g68yx13maLX1ZhAa5Wx46zW
Score

1^/10
behavioral29
- Target
  
  msidntld.dll
- Size
  
  5KB
- MD5
  
  504e51418d856d664db23dd55a61352d
- SHA1
  
  522c0fb1ed2b9594e7a2aab9481883da57d8ca23
- SHA256
  
  f190e142f402de460455ff2d1835294a3e118ba74d76aa092af49372bb9b76f4
- SHA512
  
  28bebb26eeb8ba97fb0ac8cc4869576d3cc58cd7c0fdce988f6fe160c7b426c2a3906799ca021a65a26394cba266dfa3d3e58790ec41c7eb7ecd0fbd89d6e0db
- SSDEEP
  
  48:Cc9m3IIuHkvrQ5yHqO2JsYa3yBk2lFIZWxHtNukt685WwHg6ab:Rm4ZEvrU/bTaiy2HEWhtDdWw3
Score

1^/10
behavioral30
- Target
  
  msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Netsupport family

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32