General

  • Target

    a6ceacfc3c6db3c48ac1b9d78a5f8386442d12b248a36be4f54f342e968bcb6e.js

  • Size

    67KB

  • Sample

    240305-c4l72sda87

  • MD5

    8b8941167d820a4eb5ef0d4be49c0ada

  • SHA1

    bbaf1ece80596ffe425263ef8eb174c4be1df159

  • SHA256

    a6ceacfc3c6db3c48ac1b9d78a5f8386442d12b248a36be4f54f342e968bcb6e

  • SHA512

    119b7823731b676267e301f72c3ca75f546d0d38afb71a898954d97a0be95097033167858a094c1268c44231bb1f02235fcf49230a00bf73f5f6e7a6c4017a37

  • SSDEEP

    1536:u+Bh9ollwqsqGbYHlaNKAkPwLZYSI0SIo0zDrLP5kX/fNabTT+r:lBDollwqsqwYHlbJwVYazDrLmfcT+r

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (ps1.dropper)

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      a6ceacfc3c6db3c48ac1b9d78a5f8386442d12b248a36be4f54f342e968bcb6e.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
