General

  • Target

    update.js

  • Size

    350KB

  • Sample

    240205-y47dwafff6

  • MD5

    1cc37e540105a888cbe50d8d81b09e27

  • SHA1

    0e2701afb1ba6050508dd7a4ecfc6fe3266ca9e2

  • SHA256

    d733403650832af97220ed7693dcc0901336c84f927351db27a2ccb2de2deae1

  • SHA512

    2ed4db91e1e59c17966de8cbe12dd6b830e9f6756d7e98a8d525597252db393e843fdba82e17e0403b77416393ac3059a58f3d954985ab56e23b156ae4b981b1

  • SSDEEP

    6144:QY/j8teY/j8teY/j8tMY/j8t8Y/j8teY/j8teY/j8tWY/j8teY/j8teY/j8tQ:QYwteYwteYwtMYwt8YwteYwteYwtWYwW
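
The hashes above identify the sample, so the first thing to do with a file you believe is the same update.js is to recompute them and compare. The following is an added example, not part of this report or of the sandbox's tooling; it reads the file once, updates all four digests in a single pass, and compares them case-insensitively against the values listed here. The empty-input digests used in the self-check are standard hashlib results, not anything from this sample.

```python
import hashlib
from typing import Dict, Iterable

# Digests copied from the report above for update.js. Keys are hashlib algorithm names.
REPORT_HASHES: Dict[str, str] = {
    "md5": "1cc37e540105a888cbe50d8d81b09e27",
    "sha1": "0e2701afb1ba6050508dd7a4ecfc6fe3266ca9e2",
    "sha256": "d733403650832af97220ed7693dcc0901336c84f927351db27a2ccb2de2deae1",
    "sha512": "2ed4db91e1e59c17966de8cbe12dd6b830e9f6756d7e98a8d525597252db393e"
              "843fdba82e17e0403b77416393ac3059a58f3d954985ab56e23b156ae4b981b1",
}


def digest_chunks(chunks: Iterable[bytes], algorithms=tuple(REPORT_HASHES)) -> Dict[str, str]:
    """Feed every chunk to all requested hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk in 1 MiB chunks without loading it whole."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def compare_to_report(digests: Dict[str, str], expected=REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match against the report; hex digests are compared case-insensitively."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def is_reported_sample(digests: Dict[str, str], expected=REPORT_HASHES) -> bool:
    """True only when every digest listed in the report matches."""
    return all(compare_to_report(digests, expected).values())


if __name__ == "__main__":
    import sys
    d = digest_file(sys.argv[1])
    for name, ok in compare_to_report(d).items():
        print(f"{name:6} {d[name]}  {'MATCH' if ok else 'differs'}")
    print("same sample as report:", is_reported_sample(d))
```

A partial match (for example MD5 only) should be treated as a different file, not as "close enough": `is_reported_sample` requires all four to agree.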

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper: https://ghostcitygames.com/data.php?6937

    exe.dropper: https://ghostcitygames.com/data.php?6937

Targets

    • Target

      update.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
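
The behavioural signatures above describe what the sandbox observed; to hunt for the same chain on endpoint telemetry you need rules that correlate events rather than match single lines. The following is an added example, not part of this report or of the sandbox's own detection logic. It replays Sysmon-style events (the dict layout and the `SCRIPT_HOSTS` set are assumptions made for this example; the report does not name which process it blocklisted) and raises the report's signature names when the conditions are met: a script host making a network connection, a file written during the run that is later executed or loaded, and a value set under a Run key. The event list is constructed for illustration, with placeholder file names; it is not a capture of this sample. "Checks computer location settings" is not reproduced because it is a registry read, which Sysmon does not record (it logs key and value writes only).

```python
import ntpath
from collections import defaultdict
from typing import Dict, Iterable, List

# Processes treated as script hosts / download cradles for the network rule.
# Assumption for this example: the report does not say which process it blocklisted.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "cmd.exe"}

RUN_KEY_MARKER = "\\currentversion\\run\\"  # matches HKCU and HKLM ...\CurrentVersion\Run\<value>


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def analyse(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Replay events in order and return {signature name: [evidence, ...]}.

    Event shapes (constructed for this example, not the real Sysmon schema):
      {"type": "FileCreate",       "image": ..., "target": <path written>}
      {"type": "ProcessCreate",    "image": ..., "parent": ...}
      {"type": "ImageLoad",        "image": ..., "loaded": <dll path>}
      {"type": "NetworkConnect",   "image": ..., "dest": <host>}
      {"type": "RegistryValueSet", "image": ..., "target": <key\\value>}
    """
    dropped = set()               # paths written during the run, lower-cased
    hits = defaultdict(list)
    for ev in events:
        t = ev["type"]
        if t == "FileCreate":
            dropped.add(ev["target"].lower())
        elif t == "ProcessCreate" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif t == "ImageLoad" and ev["loaded"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev["loaded"])
        elif t == "NetworkConnect" and basename(ev["image"]) in SCRIPT_HOSTS:
            hits["Blocklisted process makes network request"].append(
                f"{basename(ev['image'])} -> {ev['dest']}")
        elif t == "RegistryValueSet" and RUN_KEY_MARKER in ev["target"].lower():
            hits["Adds Run key to start application"].append(ev["target"])
    return dict(hits)


# Constructed event sequence modelled on the signature list above; file names are placeholders.
WSCRIPT = r"C:\Windows\System32\wscript.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Roaming\dropped.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Roaming\dropped.dll"

SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "image": WSCRIPT, "parent": EXPLORER},
    {"type": "NetworkConnect", "image": WSCRIPT, "dest": "ghostcitygames.com"},
    {"type": "ProcessCreate", "image": PS, "parent": WSCRIPT},
    {"type": "NetworkConnect", "image": PS, "dest": "ghostcitygames.com"},
    {"type": "FileCreate", "image": PS, "target": DROPPED_EXE},
    {"type": "FileCreate", "image": PS, "target": DROPPED_DLL},
    {"type": "ProcessCreate", "image": DROPPED_EXE, "parent": PS},
    {"type": "ImageLoad", "image": DROPPED_EXE, "loaded": DROPPED_DLL},
    {"type": "RegistryValueSet", "image": DROPPED_EXE,
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # benign noise that must not fire
    {"type": "NetworkConnect", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dest": "example.org"},
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\notepad.exe", "parent": EXPLORER},
]

if __name__ == "__main__":
    for sig, evidence in analyse(SAMPLE_EVENTS).items():
        print(sig)
        for e in evidence:
            print("   ", e)
```

Because `dropped` is filled only by FileCreate events seen earlier in the stream, the "dropped EXE/DLL" rules are order-sensitive by design: a binary that already existed before the run does not count as dropped, which is the same distinction the sandbox makes.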

MITRE ATT&CK Enterprise v15

Tasks