netsupport | abbecf6c5345816825962a2660a97799aefde226630d51b27ada1f821d753471 | Triage

Sharing

General

Target

abbecf6c5345816825962a2660a97799aefde226630d51b27ada1f821d753471.exe
Size

5.6MB
Sample

250404-v4yj7a1xax
MD5

1d8923d191850a2e38a3519432719ba6
SHA1

67ff268bf5ef387a96fb0d6f76e2988d3ccdbb51
SHA256

abbecf6c5345816825962a2660a97799aefde226630d51b27ada1f821d753471
SHA512

08efbb66a371589b3d587076f5b366f8f3ba03d89bfa85b21bc90d6fb4a4c868e7ce146474dd0fb6c0ad321bce3b5cf6dcb02de8a4d502b81e735faadb6aa071
SSDEEP

98304:+d/eb1j56MtaOMMsiz8Y9fxLOIWw/lIGs0A8NZpcl+t9mjh6eZUpVbuhKm4Lwalu:+d/eb1j56ibMMsA8YzOIWwU8NZp79G60

Score

10^/10

netsupport discovery rat

Malware Config

Targets

- Target
  
  abbecf6c5345816825962a2660a97799aefde226630d51b27ada1f821d753471.exe
- Size
  
  5.6MB
- MD5
  
  1d8923d191850a2e38a3519432719ba6
- SHA1
  
  67ff268bf5ef387a96fb0d6f76e2988d3ccdbb51
- SHA256
  
  abbecf6c5345816825962a2660a97799aefde226630d51b27ada1f821d753471
- SHA512
  
  08efbb66a371589b3d587076f5b366f8f3ba03d89bfa85b21bc90d6fb4a4c868e7ce146474dd0fb6c0ad321bce3b5cf6dcb02de8a4d502b81e735faadb6aa071
- SSDEEP
  
  98304:+d/eb1j56MtaOMMsiz8Y9fxLOIWw/lIGs0A8NZpcl+t9mjh6eZUpVbuhKm4Lwalu:+d/eb1j56ibMMsA8YzOIWwU8NZp79G60
Score

10^/10

netsupport discovery rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryrat