General

  • Target

    Chrome_update.js

  • Size

    104KB

  • Sample

    231216-wyn91acecl

  • MD5

    d37739ac9f2283dd08e5fb5abf07c7b2

  • SHA1

    99af6ef83e2d195b43e5441da57311dd09ceb669

  • SHA256

    0c5f218d520d2fbd7c24b86fcf41fc90325edefb920d3aa0caf6705debcb26e4

  • SHA512

    7304a447cef3da71937f01975db95d5144b2f0bbc8ad07486eab81492920b1bf68f05f1e01f43648669d567888f489abc07a75bd345ea1dd3011dd0f05331978

  • SSDEEP

    3072:vSyoojJ+SyoojJ+SyoojJpSyoojJRSyoojJJSyoojJh:ayooj/yooj/yoojKyooj+yoojSyoojT

Malware Config

Extracted

Language  Source       URLs
ps1       ps1.dropper  https://mindsnatchers.com/GetImageData.php?12432
          exe.dropper  https://mindsnatchers.com/GetImageData.php?12432

Targets

    • Target

      Chrome_update.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks