General

  • Target

    update.js

  • Size

    93KB

  • Sample

    240124-qnvq5sbdd6

  • MD5

    45e82c537987a2e09e296c7587ae6ca8

  • SHA1

    2f5c6ef11b5c6afca0939b3390c692b82ac1653f

  • SHA256

    2218ec62fc556c7b06749ad5066a504264ef7d8349aac4d0c08443d380545ca3

  • SHA512

    d96e70b3ab173b43718117c76d5c87c8eab3b2321fb2a5cf88a50bd45d7225021e81da472c7c8df71851230eebde6193661125493f3c949075835a3c29e8ae95

  • SSDEEP

    1536:dfKBCFcJag2MfKBCFcJag2MfKBCFcJag2YfKBCFcJag2mfKfKBCFcJag2x:dfK42Yg9fK42Yg9fK42YgTfK42YgifKk

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper
    https://boxtechcompany.com/1/GetData.php?6391

    exe.dropper
    https://boxtechcompany.com/1/GetData.php?6391

Targets

    • Target

      update.js

    • Size

      93KB

    • MD5

      45e82c537987a2e09e296c7587ae6ca8

    • SHA1

      2f5c6ef11b5c6afca0939b3390c692b82ac1653f

    • SHA256

      2218ec62fc556c7b06749ad5066a504264ef7d8349aac4d0c08443d380545ca3

    • SHA512

      d96e70b3ab173b43718117c76d5c87c8eab3b2321fb2a5cf88a50bd45d7225021e81da472c7c8df71851230eebde6193661125493f3c949075835a3c29e8ae95

    • SSDEEP

      1536:dfKBCFcJag2MfKBCFcJag2MfKBCFcJag2YfKBCFcJag2mfKfKBCFcJag2x:dfK42Yg9fK42Yg9fK42YgTfK42YgifKk

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks