General

  • Target

    b9bbd7e00c53ca840ce0e3019b82c980afae9984dbbf54739e42acba7da031e9.js

  • Size

    66KB

  • Sample

    240305-c6fs2sdb56

  • MD5

    aa6cf1c2d9f71a43c7ee0111080fb422

  • SHA1

    6ac2fdd1b6536b4876844c369222e65e74ca7424

  • SHA256

    b9bbd7e00c53ca840ce0e3019b82c980afae9984dbbf54739e42acba7da031e9

  • SHA512

    dfd74b4f204a53dd2f41f55c48a0836cf52f6228bfb9146cef5c7c67093125a6dd43a2f64eff5b88c5b423ae28d3f40389460d326fbc32fb24ca32d33e98df7f

  • SSDEEP

    1536:wI/vYh4KOCARjVbh5E/LuH6Cvpwrmpz7hU557tRtMVCkTOQ1i:nmCZbh58M6CvOmpz7hw57tRtcN6Q1i

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://compactgrill.hu/care.txt

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      b9bbd7e00c53ca840ce0e3019b82c980afae9984dbbf54739e42acba7da031e9.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
