General

  • Target

    c6a6520a8d9d4ada3c4c23ca97fe954be793f4eda9dc3b6e28d9588fa6051a98.js

  • Size

    53KB

  • Sample

    240302-f6fd3abc64

  • MD5

    e03e92ac8fb4660b37306d2e3054ff7b

  • SHA1

    2e1d74fcceb08bac9f1498e99c5a2a3c30a93701

  • SHA256

    c6a6520a8d9d4ada3c4c23ca97fe954be793f4eda9dc3b6e28d9588fa6051a98

  • SHA512

    07d89001bff59317bd0121f37f77fde7a1ad0bb914e050f3212e7840cd75f6a2c1013b521322e3a5d1b73ae3218fc19fc455ea30140c1ee21c303df675b294b0

  • SSDEEP

    1536:Dy9WbpDiixx/hEn/+4wSlbl4scxwBJvO4TIWBC:DDBR/unwS5l4scqtPTLM

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://hotelashrafee.com/rem.txt

Extracted

Language
ps1
Source
URLs
exe.dropper

http://leadingbyte.com/e6a85777-d353-412d-acaf-b017744de8b8c.txt

Targets

    • Target

      c6a6520a8d9d4ada3c4c23ca97fe954be793f4eda9dc3b6e28d9588fa6051a98.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15