General

  • Target

    Update_browser_17.645330.js

  • Size

    445KB

  • Sample

    231216-wctmladga4

  • MD5

    56eb2815fb69422de48f6ec04c61bba5

  • SHA1

    afbe4b5cd7288dc1c91842b56c110ed24f35aa4c

  • SHA256

    2ba3601d34ecc1e7c841ece0b47942c097db8b656aecdba4e5d041a1d40cf483

  • SHA512

    1054f9d4d449dde9acb60e2541b2add2b4cf7cad8d1ac0d8934a2b0cad95fe44b7e7da451281fb1f06701d0e6c1b4914388acc83698d315a260d79c7a79820db

  • SSDEEP

    12288:lqlI1T7cZd+bqlI1T7cZd+jqlI1T7cZd+p:lqlyT7cZdCqlyT7cZdOqlyT7cZdS

Malware Config

Extracted

  • Language

    ps1

  • Source URLs

    ps1.dropper: https://mindsnatchers.com/GetImageData.php?12438

    exe.dropper: https://mindsnatchers.com/GetImageData.php?12438

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks