netsupport | 53e9511401000f61c9d910b92cd6d5a58e38ae541975135944885e53fa91ecb7 | Triage

Resubmissions

03/04/2025, 21:45

250403-1l23jsxk14 8

03/04/2025, 21:42

250403-1kssgsvsas 10

Sharing

General

Target

Chrome 134.0.6999.57052.js
Size

1.0MB
Sample

250403-1kssgsvsas
MD5

5f024aa8bd4b5eec7abcb33a28c3b2e4
SHA1

705218791dc6d4eccd0823a66fcaf3f3c6f42881
SHA256

53e9511401000f61c9d910b92cd6d5a58e38ae541975135944885e53fa91ecb7
SHA512

24a9858e4e62da8732f0b6295f9ef9ff0f2436a1a9be4d626d5493c08c5a260807856fead2f666afd06088c23949ae19215388ff23b08d3b1d629d81629b19ac
SSDEEP

6144:Wb6NJhIrDjyeLyXyberDq91ItXMIX+CdppUyM4JMRUdt0FjyD0EjpQahloWbGhIW:5DUiZDWi0

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  Chrome 134.0.6999.57052.js
- Size
  
  1.0MB
- MD5
  
  5f024aa8bd4b5eec7abcb33a28c3b2e4
- SHA1
  
  705218791dc6d4eccd0823a66fcaf3f3c6f42881
- SHA256
  
  53e9511401000f61c9d910b92cd6d5a58e38ae541975135944885e53fa91ecb7
- SHA512
  
  24a9858e4e62da8732f0b6295f9ef9ff0f2436a1a9be4d626d5493c08c5a260807856fead2f666afd06088c23949ae19215388ff23b08d3b1d629d81629b19ac
- SSDEEP
  
  6144:Wb6NJhIrDjyeLyXyberDq91ItXMIX+CdppUyM4JMRUdt0FjyD0EjpQahloWbGhIW:5DUiZDWi0
Score

10^/10

netsupport discovery execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryexecutionpersistencerat