General

  • Target

    284828482848REC_.js

  • Size

    74KB

  • Sample

    240301-mhkgfafd7v

  • MD5

    a60f54edb736dc31b12812038a000661

  • SHA1

    359a42b02311ccd6c07d133bc481c001caad36d7

  • SHA256

    d7d11b76de346b25fc09f172332a4426c7e1526b23361f3d6b1f564747995caf

  • SHA512

    022de789b843c2ed2fe7e89261fdf66dd00da80ee0a152847fb111cb54d17a310824e9c5f06829f16af50c3308e5b56d8bd22d9b0b84fdd13446fad12f15bea6

  • SSDEEP

    1536:6RZVZUzggCuajZKrLUDx8SpSr+lbt/e2CtQZRbpTdK37m0DrZG:SozggCuajZKrLSx8SpSr+lRqGTdhKi0w

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://cspapply.com/br.txt

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: http://realty-bundles.com/2a23623a-355c-4esa7-a4bb-1e8928de3680.txt

Targets

    • Target

      284828482848REC_.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software; here it is the payload executed after the dropper chain.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that gates execution on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
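
The signatures above describe a chain: a script host (the .js target) runs PowerShell, which fetches the dropper URLs listed under Malware Config, reads the locale from the registry, executes a dropped EXE and sets a Run key. The following is an added example of host-side detection logic for that chain, written for this page and not part of the sandbox report or of any vendor tooling. The event records are constructed to resemble Sysmon-style telemetry and are not from the sample; the field names, the dropped file name `dropped.exe`, and the assumption that the geofence signature corresponds to a read of `HKCU\Control Panel\International\Geo\Nation` are all assumptions made here. The hashes and URLs are the ones stated in the report.

```python
"""Detection sketch for the dropper chain in this report (added example).

Events are constructed, Sysmon-like records; they are not from the sample.
"""
import re
from urllib.parse import urlparse

# IOCs copied from the report above
SAMPLE_SHA256 = "d7d11b76de346b25fc09f172332a4426c7e1526b23361f3d6b1f564747995caf"
DROPPER_URLS = {
    "https://cspapply.com/br.txt",
    "http://realty-bundles.com/2a23623a-355c-4esa7-a4bb-1e8928de3680.txt",
}
IOC_DOMAINS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

# Script hosts that should rarely originate outbound HTTP themselves
# ("Blocklisted process makes network request").
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}

# Registry paths. The Geo\Nation value is an assumption about what the
# "Checks computer location settings" signature corresponds to.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


def _basename(image):
    return image.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (kind, pid, detail) findings for the chain described in the report."""
    by_pid = {e["pid"]: e for e in events if e["type"] == "process"}
    findings = []
    for ev in events:
        t = ev["type"]
        if t == "file" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            findings.append(("known_sample_hash", ev["pid"], ev["path"]))
        elif t == "network":
            proc = by_pid.get(ev["pid"])
            image = _basename(proc["image"]) if proc else "?"
            if image in SCRIPT_HOSTS:
                findings.append(("script_host_network", ev["pid"],
                                 f"{image} -> {ev['dest_host']}:{ev['dest_port']}"))
            if ev["dest_host"].lower() in IOC_DOMAINS:
                findings.append(("ioc_domain", ev["pid"], ev["dest_host"]))
        elif t == "reg_query" and GEO_KEY_RE.search(ev["key"]):
            findings.append(("geofence_check", ev["pid"], ev["key"]))
        elif t == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            findings.append(("run_key_persistence", ev["pid"], f"{ev['key']} = {ev['value']}"))
        elif t == "process":
            # "Executes dropped EXE": a script host spawning a binary out of %APPDATA%
            parent = by_pid.get(ev["ppid"])
            if parent and _basename(parent["image"]) in SCRIPT_HOSTS \
                    and "\\appdata\\" in ev["image"].lower():
                findings.append(("dropped_exe_from_script_host", ev["pid"], ev["image"]))
    return findings


def chain_matched(findings):
    """True when the core stages (script host network, dropped EXE, Run key) all fired."""
    kinds = {k for k, _, _ in findings}
    return {"script_host_network", "dropped_exe_from_script_host", "run_key_persistence"} <= kinds


# Constructed telemetry (not from the sample). pid 200 is benign noise.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 50, "image": "C:\\Windows\\System32\\wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\Downloads\\284828482848REC_.js"'},
    {"type": "file", "pid": 100, "path": "C:\\Users\\u\\Downloads\\284828482848REC_.js",
     "sha256": SAMPLE_SHA256},
    {"type": "process", "pid": 101, "ppid": 100,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -c <dropper>"},
    {"type": "network", "pid": 101, "dest_host": "cspapply.com", "dest_port": 443},
    {"type": "reg_query", "pid": 101, "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "network", "pid": 101, "dest_host": "realty-bundles.com", "dest_port": 80},
    {"type": "process", "pid": 102, "ppid": 101,
     "image": "C:\\Users\\u\\AppData\\Roaming\\dropped.exe", "cmdline": "dropped.exe"},
    {"type": "reg_set", "pid": 101,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "value": "C:\\Users\\u\\AppData\\Roaming\\dropped.exe"},
    {"type": "process", "pid": 200, "ppid": 50,
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "cmdline": "chrome.exe"},
    {"type": "network", "pid": 200, "dest_host": "update.example.net", "dest_port": 443},
]

if __name__ == "__main__":
    for kind, pid, detail in detect(EVENTS):
        print(f"{kind:30} pid={pid} {detail}")
    print("chain matched:", chain_matched(detect(EVENTS)))
```

The individual checks are noisy on their own (PowerShell talking to the network is common in managed environments); the value is in correlating them per process tree, which is what `chain_matched` does. The IOC domain match is the most brittle part, since the dropper URLs in this report are single-use infrastructure that will rotate.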

MITRE ATT&CK Enterprise v15

Tasks