netsupport | f8c156a24253f921669a79444ae536d110d07374f7794efaa5304c7f9b322a67 | Triage

Sharing

General

Target

f8c156a24253f921669a79444ae536d110d07374f7794efaa5304c7f9b322a67.zip
Size

1.8MB
Sample

250327-x6wjqaxsay
MD5

ea6c956c6f7b288a815ad653e8d27684
SHA1

86adcc004389ad41e3f82f4272eab2f5025632c5
SHA256

f8c156a24253f921669a79444ae536d110d07374f7794efaa5304c7f9b322a67
SHA512

359553079671cc6623a8ba1226488819915c8fdbc2ce1ecf6c77d635be983c78a2cb2a9fb1b3a99055461e2ae23c6bc00056092a870190022a0645ec701ba223
SSDEEP

49152:0i5eAB/+/H5pWv5sKy8ny8qns6JU5OEhw6wIxtkNmu:0i5NBG/5pa5sKFnG2Mf6jxmNj

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  2bc947ba8cdd40b69936dbe365357961bdc99eb38fe999d9b906d10c5325a10e.exe
- Size
  
  1.9MB
- MD5
  
  7316b45b7d5e0f62830212d2c5ba09ef
- SHA1
  
  f19c08928ecbb3e7abe26dba90766a6e8f3a098d
- SHA256
  
  2bc947ba8cdd40b69936dbe365357961bdc99eb38fe999d9b906d10c5325a10e
- SHA512
  
  0f4d8b49078dc9a4c509da461dc39105c13faa7000a0f582773b029a1a8fd1384d083eb50641bead19b36193af8ff2ef2efec8b5ab6e330153f9ef0f890219af
- SSDEEP
  
  49152:lRglK/V+UA15JEKnBPEDY08BTGvSNESvgN:lRH/VxgEKneY/BTXNESoN
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat

behavioral2

netsupportdiscoveryrat