General

  • Target

    b9a5609f1393d9bd4122adeb4bc317c58060aa898394382449a09345d80c5c4d.js

  • Size

    60KB

  • Sample

    240305-c6c26adb53

  • MD5

    f4ac6188df3e45081124740789003495

  • SHA1

    58322411a63f617eb0bf5d6486411aa044ff9a21

  • SHA256

    b9a5609f1393d9bd4122adeb4bc317c58060aa898394382449a09345d80c5c4d

  • SHA512

    9c15c939829f177441bb53616ddd8b2f389345ebb76843cd3f3c3c2e7b44fb8053e6d015e48e904129a43df6aa219d95c7583b189ff8cb46056383d23b4ca0b9

  • SSDEEP

    1536:6wHbxzFgBBt9quDrxkLqEgejEmSbC61ik276L02M8pzT37hqW7t2:/Hb1SPXxZejjSbJ1J276L02M8pH37hX0

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (ps1.dropper)

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
