General

  • Target

    BILL47189.js

  • Size

    7KB

  • Sample

    240124-qnv2xabcfr

  • MD5

    9082a9dbb169613415eb7b7f57c266a1

  • SHA1

    fb0597194bd59ebfd4d085380dcf4846365fdf77

  • SHA256

    a95fe0e3b0cb3c0a172eef317d1b213f8572156dc44026f470add87e563bb3d1

  • SHA512

    994b1fed259b1d567100fa8019973ae8f1b1748923498d921a5ac213f30e27270a6464943bc374794cb84ccd23169863d746351e5b026a83c6aeb041e3bac6b8

  • SSDEEP

    192:IlwJpl821uyfWwWKDbqSXGIJgE9GeBCVe0W1uyfWwWKDbqSq:IsjBfFDbqSXGIvGAB0eBfFDbqSq

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper

    https://boxtechcompany.com/1/GetData.php?6863

    exe.dropper

    https://boxtechcompany.com/1/GetData.php?6863

Targets

    • Target

      BILL47189.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
