General

  • Target

    972469e07d7732fcf6240a1d8b43968cdf7124c756109ebf6002cca7e6efceef.js

  • Size

    58KB

  • Sample

    240305-c11w2acb7y

  • MD5

    f19bc12f4c984079c8f73a2dcf393f63

  • SHA1

    0f277b41099e0398cd58a4ee677cd9b98c86ab2e

  • SHA256

    972469e07d7732fcf6240a1d8b43968cdf7124c756109ebf6002cca7e6efceef

  • SHA512

    e9f613e9abbf66405f4b7c205f06932fd942f4a64ebd675131b2810a5b3453956db57c1bf22a2c519a3eafdd902a0fc9ebf877d5ba371603c95e3c2bd260d2dd

  • SSDEEP

    1536:G7ZVBfYscHbwc8DgA4KIwyaKi8FG6hCV8nebzj4FrV4:+ZVqT7wc8UA4FZaKpFG6hCV8syrV4

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      972469e07d7732fcf6240a1d8b43968cdf7124c756109ebf6002cca7e6efceef.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
