General

  • Target

    Netsapp.ps1

  • Size

    272B

  • Sample

    250414-v7rwtaw1gz

  • MD5

    1cf5abed69956b6ffe7be6f2b72ab924

  • SHA1

    e88d0b083526cec231cd49fc9af68706195313ad

  • SHA256

    5b29530a97c26171c60844fac181ffeea81e457e8de12dbc6234498324598fa4

  • SHA512

    f74140c8174205fd1f5ec833102cb778e03f3e26dc4de9a30ccae03a4316511fb0d4423cadd956478f63d19e22bb968d9e6b4eb4fb367f325db7d9f406f502b7

Malware Config

Extracted

  • Language

    ps1

  • URLs

    exe.dropper: https://glona.net/wezp/fweb.zip

    exe.dropper: https://glona.net/wefl/

Targets

    • Target

      Netsapp.ps1

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • NetSupport family

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
