Overview

overview

10

Static

static

1

WinSCP.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WinSCP.exe

  • Size

    14.7MB

  • Sample

    250401-wpg5bswk18

  • MD5

    f403912d1570d0647f116861eda635ea

  • SHA1

    e897dcc76d701eeb42ca6054d0c03b5432d5ac77

  • SHA256

    9fb97ddbe7875a6162a0f6803c1e1679d6e8797c473b676f9d51ca77691abfeb

  • SHA512

    030fa4bfe478f94fe0e4576ddc04d0122fb0f82e4c851f928b5d9f4ef6f35306fe48401f18392df686d10ba819f9a746e0a984133f8ad2b58cbbc14932264c93

  • SSDEEP

    393216:m5T8wpghFBv8SsIj5sGBx+7oe21j4oSfLjq3eamv:68wpghFB0RACH7on18oaLW3eaC

Score
10/10
netsupportdiscoverypersistencerat

Malware Config

Targets

    • Target

      WinSCP.exe

    • Size

      14.7MB

    • MD5

      f403912d1570d0647f116861eda635ea

    • SHA1

      e897dcc76d701eeb42ca6054d0c03b5432d5ac77

    • SHA256

      9fb97ddbe7875a6162a0f6803c1e1679d6e8797c473b676f9d51ca77691abfeb

    • SHA512

      030fa4bfe478f94fe0e4576ddc04d0122fb0f82e4c851f928b5d9f4ef6f35306fe48401f18392df686d10ba819f9a746e0a984133f8ad2b58cbbc14932264c93

    • SSDEEP

      393216:m5T8wpghFBv8SsIj5sGBx+7oe21j4oSfLjq3eamv:68wpghFB0RACH7on18oaLW3eaC

    Score
    10/10
    netsupportdiscoverypersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks