General

  • Target

    tkssm902.js

  • Size

    34KB

  • Sample

    230615-py3n3agh75

  • MD5

    fe8b528048c4a04a751b73c89dd22ef7

  • SHA1

    698f9268d1b3b3a80fd5d93225d1a6ec0d3b3e49

  • SHA256

    08160da0b9b8ef3aa57505094de9f89fd906062bb2d2c391b487584534411324

  • SHA512

    769b2a304219d1bf74b5a6e5a87c430d0ea875a757ecff5b6e1a902259e44ba965f9c0d6b63fee40bc2bda690d38957fa6753a39f7f5a00916c6d194829067be

  • SSDEEP

    384:xOAwCgsW+Qbuec9sMDW2xDdAV8blMC6Icx00zAIGF96kWumOSALSRnJOKPKR+Opj:8tb+yLMSe+8bSCjiZAOndPVJPEV

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://a.ezydict.com/4th_2.zip

    exe.dropper: http://YOUR.LINK/files/

Targets

    • Target

      tkssm902.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks