Extracted

Extracted

• • Target

    doc4978316.js

  • Size

    35KB

  • MD5

    c21cf0ea00b1fd7e53fa14b55dd1be82

  • SHA1

    aff249ddfc8d8fac75d0bf040579cf32e0d50e2a

  • SHA256

    c9e6dc44db59f1883e850babac21890e5723d2627a623c47f709e3bb7d073e35

  • SHA512

    82e4004f78f1aef5dfd1ae83b6dec4422e0960d15b6bb5f845ae7af13617fa9349046ce74be0b893de2e139ee6c93106048f0f2be70199d6567095c14d1ae618

  • SSDEEP

    384:Wj9safdV7zZ/iRRil5Vxy67U2j0etD/1qQMmFcDpOlkjQSHnY4bvwn3QmvCBHx5H:WCWZERq02j0I/1YH9gSRvww7EjzG1

  Score

  10^/10

  persistencenetsupportrat

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2