General

  • Target

    update.js

  • Size

    8KB

  • Sample

    240109-yrr4eshffq

  • MD5

    0fd83f84723444823144002b6611a9a9

  • SHA1

    43d2f0503a47ee5c880d69715cbcc020c85d0d40

  • SHA256

    38bac741566c2c283aff646fd12c007daece0cbbbff4ff5799c7463262332d86

  • SHA512

    bb705f19dca3f7a6591fceb5ead2db672476240ce5d8625fb92df85c894e62275ffc9950f59da89caca87562e1f906a75918d5b73a1a2a499c7d1593e841edfc

  • SSDEEP

    192:4q+UOXasAgTq+UOXasAgTq+UOXasAgqDq+UOXasAg6dBeYmuuFq+UOXasAgD:D+UOKsAgO+UOKsAgO+UOKsAgqe+UOKs/

Malware Config

Extracted

  • Language

    ps1

  • Source URLs

    ps1.dropper: https://boxtechcompany.com/data.php?5739

    exe.dropper: https://boxtechcompany.com/data.php?5739

Targets

    • Target

      update.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15