Extracted

• • Target

    care.ps1

  • Size

    2KB

  • MD5

    f240b3caaa90e4fa111e8e566cf913e2

  • SHA1

    aa12a29a39e7d2684ad4d4383074aeed0ef4a29f

  • SHA256

    aedbd62259bd95c855b9364b1c7a56f303909b0e32269b2ca042e7c75e9e5e45

  • SHA512

    183f7387db097662c800aada8c46a529a5d0d7ef4f9114e716622e932375baaa9b98eeba700abfd0ac647333754ada6ca257a41c35c4853509eb898d904fe928

  Score

  10^/10

  netsupportpersistencerat

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2