SmartApeSG Delivering NetSupport RAT [Tuesday, February 06, 2024]

Description :
In early January 2024, eSentire's machine learning detected malicious PowerShell script execution associated with SmartApeSG, a threat actor distributing NetSupport RAT via fake browser updates. The threat begins with the end user visiting a compromised site serving a ZIP with a JavaScript file that retrieves and executes a PowerShell command to download, decode, and deploy NetSupport components. This highlights social engineering via fake updates, obfuscation techniques, decoding malware, and typical deployment strategies. Recommendations include training users on malicious content, restricting risky file types, providing approved software downloads, and using antivirus, NGAV, and EDR to detect threats.

Published : 2024-02-06 17:58:50
Created : 2024-02-06 17:58:50
Modified : 2024-02-06 18:09:53

Indicators

IPv4s : Hashes :
Intrusion set :
  • SmartApeSG
About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
