Extracted

Extracted

• • Target

    IN6535.js

  • Size

    27KB

  • MD5

    3c9b1b596caebc68aa4029257e6dd124

  • SHA1

    c4837de0f189ba472a6f0bed324440fa5284a5b1

  • SHA256

    5c1351cf88576894a7985f6645ff719c01b807e3f4f1c62f92a895ee66e4840b

  • SHA512

    2d2d2e00ce550c07a579a4fdf4e9025d2cd3ae5b9c916387bfcb9f2c0be3f51497b97eb3ac7cec21d8c561a20d63efbfc47f2fb31e5161d70d2a6b6ccd226b8d

  • SSDEEP

    768:cWBQTzQvc0/WTaKa8JcQ+ceBTGD+FoziB/ZyETg1c3HEeoEDf2fjq16vbEoQaYz0:zGD+FobEAEjM74v0

  Score

  10^/10

  netsupportpersistencerat

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2