General

  • Target

    Chrome_update.js

  • Size

    106KB

  • Sample

    240102-thmecscbe3

  • MD5

    67d8f84b37732cf85e05b327ad6b6a9f

  • SHA1

    2273972b8df66df244054d976034c021f0a20659

  • SHA256

    dbc041f1b15d23f3f7a99201f6e64a39cfdba069b68c9add6c0750c8c598b71c

  • SHA512

    fdbfc552f2d7225ef56c23f1e0a833267875a4ca69f38ce79200aa9900d6f3ced79ddea82eca74e932ac447a6bd1f272bdf5c8f7023176e6825e5e0f6d4f5b09

  • SSDEEP

    1536:J/rZcMsgm/rZcMsgm/rZcMsg6Gu/rZcMsgT/rZcMsgb/rZcMsgZ:J/rZS7/rZS7/rZSH/rZS0/rZSC/rZSk

Malware Config

Extracted

  • Language

    ps1

  • Source URLs

    ps1.dropper: https://jesusanaya.com/GetData.php?9502

    exe.dropper: https://jesusanaya.com/GetData.php?9502

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks