General

  • Target

    Update_browser_17.6436.js

  • Size

    296KB

  • Sample

    240102-s8bvwahacj

  • MD5

    e239f09fd12e5d2bc17d3b87565c2d87

  • SHA1

    56dd446e8524b074d50839f01539c7b07c57c9b6

  • SHA256

    7791a5f2d1b2aabc186a9f42cd7d78657dc4e970f05ecb65ea729cf8643de90e

  • SHA512

    85db1d32a84336b9e0ca9085e8aa7ce829c28053bf7a8c2b3dd95c07e5bc550ab803c6a07b9a5cefaa5d5504ef51857d6322132af33ce9cf1d30609da92187e0

  • SSDEEP

    3072:4OpyDJu8XUtQQSO1T7cbF/nlz3wq2B9OpyDJu8XUtQQSO1T7cbF/nlz3wq2Bp:lcJ6QhO1T7cZd6BYcJ6QhO1T7cZd6Bp

Malware Config

Extracted

  • Language

    ps1

  • Source URLs

    ps1.dropper: https://jesusanaya.com/GetData.php?9541

    exe.dropper: https://jesusanaya.com/GetData.php?9541

Targets

    • Target

      Update_browser_17.6436.js

    • Size

      296KB

    • MD5

      e239f09fd12e5d2bc17d3b87565c2d87

    • SHA1

      56dd446e8524b074d50839f01539c7b07c57c9b6

    • SHA256

      7791a5f2d1b2aabc186a9f42cd7d78657dc4e970f05ecb65ea729cf8643de90e

    • SHA512

      85db1d32a84336b9e0ca9085e8aa7ce829c28053bf7a8c2b3dd95c07e5bc550ab803c6a07b9a5cefaa5d5504ef51857d6322132af33ce9cf1d30609da92187e0

    • SSDEEP

      3072:4OpyDJu8XUtQQSO1T7cbF/nlz3wq2B9OpyDJu8XUtQQSO1T7cbF/nlz3wq2Bp:lcJ6QhO1T7cZd6BYcJ6QhO1T7cZd6Bp

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks