Extracted

• • Target

    i-srvs0000022933.html

  • Size

    230B

  • MD5

    ba62081cefcdff3aefe32b0817abd2b6

  • SHA1

    07531731162bda20d86f701854c59a98887dcc36

  • SHA256

    7fab3cad04a892ab929b6efb92854757e25b3d4b8648c2eca1a55164791d36b4

  • SHA512

    ca7edb18aa173c2d20dfeb4425ae218a36d0a57eeb1b3a7a8e15bfe31ab09eae1b6a908ff6ec0a465e8966a0101a8fe78390a7734951f0e632a7c8d54cb86931

  Score

  10^/10

  netsupportpersistencerat

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1