General

  • Target

    update.js

  • Size

    217KB

  • Sample

    240122-tyfazsadgq

  • MD5

    359d56262402a67447c1280e9235884d

  • SHA1

    816a688338356da0902b5e265828d1346d9b657f

  • SHA256

    d348470cf75617462f4f3bec5a79dfb93b77384445b6eceff4f8efd8d746c57d

  • SHA512

    797338892e757216ac8679e7d74c9ece54df6609a655c925275ec36fc515c8e7c83ecf5417b824a848cf60eaf9cc8dc1e84880e1dcc1dd4f27f7624ccebd04d1

  • SSDEEP

    6144:mRvCRvCRvTvRv2RvCRvCRvCRvCRv6RvCRvCRvG:mYY9vsYYYYAYYk

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper: https://phinetik.com/data.php?14289

    exe.dropper: https://phinetik.com/data.php?14289

Targets

    • Target

      update.js

    • Size

      217KB

    • MD5

      359d56262402a67447c1280e9235884d

    • SHA1

      816a688338356da0902b5e265828d1346d9b657f

    • SHA256

      d348470cf75617462f4f3bec5a79dfb93b77384445b6eceff4f8efd8d746c57d

    • SHA512

      797338892e757216ac8679e7d74c9ece54df6609a655c925275ec36fc515c8e7c83ecf5417b824a848cf60eaf9cc8dc1e84880e1dcc1dd4f27f7624ccebd04d1

    • SSDEEP

      6144:mRvCRvCRvTvRv2RvCRvCRvCRvCRv6RvCRvCRvG:mYY9vsYYYYAYYk

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks