NetSupport

NetSupport is a malware family active in the Remote Access Trojan (RAT) category and widely observed around the world. This sample has been identified as a RAT (Remote Access Trojan) that gives attackers full remote control over compromised systems. It has comprehensive surveillance capabilities such as keylogging, screenshot taking, file management and shell access.

History

NetSupport Manager adli uzaktan erisim aracindan truva ati varyantiyla yayilan NetSupport RAT, meşru yazilim gorüntüsüyle korunuyor. Sahte tarayici guncellemeleri (ClearFake/SocGholish) yoluyla yapilmakta olan yayilimda, kullanicilarin gercek bir guncelleme oldugunu sanarak kurduklari bu RAT ile uzaktan yonetim saglanmaktadir.

Technical Details

RAT ailesi: TCP C2 protokolu, kalicilik mekanizmasi (Registry/Task Scheduler), keylogger, ekran goruntüsü, uzak kabuk, dosya yoneticisi, process manager, anti-analiz kontrolleri
Threat Profile
Type RAT
Programming LanguageC++
C2 ProtocolTCP
First Seen2020
Targets Windows
Purpose / Capabilities
  • Remote Access
  • Keylogger
  • Screenshot
  • File Management
No C2 servers have been identified for this family yet.