Overview

overview

10

Static

static

3

snd16061.exe

windows10-2004-x64

10

snd16061.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    snd16061.exe

  • Size

    2.1MB

  • Sample

    250417-tlrs9awpy8

  • MD5

    e24d2cdf95e080f2b6a1db32352d8a3c

  • SHA1

    780ac662ba88d28882c2821d1c5fdc9894b1fcb9

  • SHA256

    d2f9dc8e7278a2ec0aa634536ac8d23db209aba8ca0e109ce80469c27517ab33

  • SHA512

    b623c6991acd2b437e88d5de6fb61aaa0a28ec79f3586b5e1eb1d749af374eb8f3d1b23e6138f00168d77518d3c2c5793ecdb32f94ec67df1e45687f13addbb1

  • SSDEEP

    49152:XMHaSOxCBcuLX54FiFdrAskBlVgEKEZv5zauP+Tx77KZbYj57O7Tfle:XM6FMBcuEEdrAstEnv53P+xhOfM

Score
10/10
netsupportdiscoveryrat

Malware Config

Targets

    • Target

      snd16061.exe

    • Size

      2.1MB

    • MD5

      e24d2cdf95e080f2b6a1db32352d8a3c

    • SHA1

      780ac662ba88d28882c2821d1c5fdc9894b1fcb9

    • SHA256

      d2f9dc8e7278a2ec0aa634536ac8d23db209aba8ca0e109ce80469c27517ab33

    • SHA512

      b623c6991acd2b437e88d5de6fb61aaa0a28ec79f3586b5e1eb1d749af374eb8f3d1b23e6138f00168d77518d3c2c5793ecdb32f94ec67df1e45687f13addbb1

    • SSDEEP

      49152:XMHaSOxCBcuLX54FiFdrAskBlVgEKEZv5zauP+Tx77KZbYj57O7Tfle:XM6FMBcuEEdrAstEnv53P+xhOfM

    Score
    10/10
    netsupportdiscoveryrat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Netsupport family

      netsupport

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks