netsupport | 21a24922b29742977c4f7e25dd2be056dc02bc5e70c98e32ec3e0c6206f4d9ef | Triage

Sharing

General

Target

Chrome 135.0.7049.87363.js
Size

1.1MB
Sample

250408-v5yataxkv2
MD5

c6ae1c6b01fa51111c9f86e12bd18eb9
SHA1

7b1671915c0605539c2c3d96ca88539831490b27
SHA256

21a24922b29742977c4f7e25dd2be056dc02bc5e70c98e32ec3e0c6206f4d9ef
SHA512

4144c2d56cff73b5afb7b842715e4b12939292c22912ecb9c2c5dcfa9a0614b95843c4a746f9232d93737b83bb4e010e4b7a3417f41faa49f22bde7b127c9d5f
SSDEEP

6144:Wb6NJhIrDjyeLyXyberDq91ItXMIX+CdppUyM4JMRUdt0FjyD0EjpQahloWbGhIR:5DUiZDWiYle

Score

10^/10

netsupport discovery execution persistence rat

Malware Config

Targets

- Target
  
  Chrome 135.0.7049.87363.js
- Size
  
  1.1MB
- MD5
  
  c6ae1c6b01fa51111c9f86e12bd18eb9
- SHA1
  
  7b1671915c0605539c2c3d96ca88539831490b27
- SHA256
  
  21a24922b29742977c4f7e25dd2be056dc02bc5e70c98e32ec3e0c6206f4d9ef
- SHA512
  
  4144c2d56cff73b5afb7b842715e4b12939292c22912ecb9c2c5dcfa9a0614b95843c4a746f9232d93737b83bb4e010e4b7a3417f41faa49f22bde7b127c9d5f
- SSDEEP
  
  6144:Wb6NJhIrDjyeLyXyberDq91ItXMIX+CdppUyM4JMRUdt0FjyD0EjpQahloWbGhIR:5DUiZDWiYle
Score

10^/10

netsupport discovery execution persistence rat
- NetSupport
  NetSupport is a remote access tool sold as a legitimate system administration software.
  rat netsupport
- Netsupport family
  netsupport
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

netsupportdiscoveryexecutionpersistencerat