This analysis examines a recent malware campaign that uses the NetSupport RAT, a legitimate remote administration tool, for persistent infections. The threat actors behind this campaign employ obfuscation techniques and updates to evade detection. However, by identifying weaknesses in the obfuscation methods and leveraging indicators of compromise, security researchers have developed effective detection mechanisms. The report delves into the various stages of the campaign, including the initial JavaScript stager, the PowerShell dropper, and the final NetSupport RAT payload delivery. It also provides insights into the detection methodologies employed by Cisco Talos, using open-source tools like Snort for network-level detection and ClamAV for malware scanning.

Author: AlienVault
Related Tags:
T1564.003
T1059.005
T1059.007
T1003.001
Obfuscation
netsupport rat
T1547.001
T1562.001
persistence
Associated Indicators: none listed