PULSE NAME
Fake Browser Update Campaign
WHITE Smartape SG/Haneymaney AlienVault 2024-03-28 Modified: 2024-04-27
13 IOCs
MEDIUM VOLUME
This report details a malware campaign that distributes fake browser updates containing NetSupport RAT, a remote access trojan. The attackers use staged web injections that ultimately download an executable payload, which phones home to a command-and-control server.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
NetSupport RAT
Indicators of Compromise (13)