General

  • Target

    Chrome_update.js

  • Size

    107KB

  • Sample

    231226-v5czwabfd6

  • MD5

    bd7e4b17d2c16778b9df00cf9a5fa922

  • SHA1

    9d7f54594b0535db3e0964eff8098fe7e8318207

  • SHA256

    1351023e4077e614fe8039ea2a7fe7309cae1e8750f8cc4120f2d11d20b16ea7

  • SHA512

    4bc3e70d8aa24ecf09dd927fbbe893164ebcf48c9a646232ffe745598d639020ce499018970ed925b35422bbbc84bbfff0fb362f450a2b2da4a9138a57671fb4

  • SSDEEP

    3072:JtfeJN6SztfeJN6SztfeJN6SmtfeJN6SqtfeJN6SEtfeJN6SI:JcxzcxzcxmcxqcxEcxI

Malware Config

Extracted

  • Language

    ps1

  • Source / URLs

    ps1.dropper    https://proximaideia.com/GetData.php?11566
    exe.dropper    https://proximaideia.com/GetData.php?11566

Targets

    • Target

      Chrome_update.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software and frequently abused as a RAT; it is the payload detected in this run.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
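The signatures above are behavioural, so they can be re-derived from an API trace. The following is an added example, not part of the sandbox report and not the sandbox's own rule code: a small Python pass over a constructed, sandbox-style event trace that flags the same five behaviours (blocklisted process making a network request, country-code lookup, Run-key persistence, execution of a dropped EXE, load of a dropped DLL). The trace, process names, dropped-file paths and the blocklisted-process set are assumptions; only the domain comes from the extracted config. The per-user Geo\Nation registry value is assumed to be the location key being read.

```python
"""Added example (not from the sandbox report): a behaviour-detection pass that
re-derives the report's signatures from a constructed, sandbox-style API trace.
The trace is made up for illustration; only the domain is from the report."""
import ntpath
import re
from collections import defaultdict

# Script hosts / LOLBins a sandbox would blocklist for outbound traffic.
# Assumed list; the report does not say which process triggered its signature.
BLOCKLISTED_NET = {"wscript.exe", "cscript.exe", "mshta.exe",
                   "powershell.exe", "regsvr32.exe", "rundll32.exe"}

# Run / RunOnce autostart keys under HKCU or HKLM.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$", re.IGNORECASE)

# Assumed: the per-user country code value that GetUserGeoID() reads.
GEO_KEY_MARKER = r"control panel\international\geo\nation"

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WS = r"C:\Windows\System32\wscript.exe"
DROP_EXE = r"C:\Users\alice\AppData\Roaming\svc\dropped.exe"   # constructed path
DROP_DLL = r"C:\Users\alice\AppData\Roaming\svc\dropped.dll"   # constructed path

# Constructed trace. "pid"/"image" is the acting process; other fields depend on "op".
SAMPLE_EVENTS = [
    {"op": "proc_create", "pid": 100, "image": r"C:\Windows\explorer.exe", "child": WS},
    {"op": "proc_create", "pid": 200, "image": WS, "child": PS},
    {"op": "net_connect", "pid": 300, "image": PS, "dest": "proximaideia.com", "port": 443},
    {"op": "reg_query", "pid": 300, "image": PS,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "file_write", "pid": 300, "image": PS, "path": DROP_EXE},
    {"op": "file_write", "pid": 300, "image": PS, "path": DROP_DLL},
    {"op": "reg_set", "pid": 300, "image": PS,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": DROP_EXE},
    {"op": "proc_create", "pid": 300, "image": PS, "child": DROP_EXE},
    {"op": "image_load", "pid": 400, "image": DROP_EXE, "path": DROP_DLL},
    # Benign noise: a process that is not blocklisted talking to the network.
    {"op": "net_connect", "pid": 100, "image": r"C:\Windows\explorer.exe",
     "dest": "example.invalid", "port": 443},
]


def detect(events):
    """Return {signature_name: [evidence, ...]} for the behaviours the report lists."""
    hits = defaultdict(list)
    dropped = {}  # lowercase path of every file written during the run -> writer pid
    for ev in events:
        op, proc = ev["op"], ntpath.basename(ev["image"]).lower()
        if op == "file_write":
            dropped[ev["path"].lower()] = ev["pid"]
        elif op == "net_connect" and proc in BLOCKLISTED_NET:
            hits["blocklisted_process_network_request"].append(
                f"{proc} -> {ev['dest']}:{ev['port']}")
        elif op == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            hits["run_key_persistence"].append(
                f"{ev['key']}\\{ev['value']} -> {ev['data']}")
        elif op == "reg_query" and GEO_KEY_MARKER in ev["key"].lower():
            hits["geolocation_check"].append(f"{proc} read {ev['key']}")
        elif op == "proc_create" and ev["child"].lower() in dropped:
            hits["executes_dropped_exe"].append(
                f"{ev['child']} (written by pid {dropped[ev['child'].lower()]})")
        elif op == "image_load" and ev["path"].lower() in dropped:
            hits["loads_dropped_dll"].append(
                f"{proc} loaded {ev['path']} (written by pid {dropped[ev['path'].lower()]})")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The "dropped" rules work by correlating file writes with later process creations and image loads within the same run, which is what makes "Executes dropped EXE" and "Loads dropped DLL" different from simply seeing an unknown binary start; the explorer.exe connection at the end is included to show that the network rule only fires for the blocklisted hosts.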

MITRE ATT&CK Enterprise v15

Tasks