General

  • Target

    bc744ffb073010911feabf75f577bf25e3cc453d9c79a5fced00fa7abe3512bb.js

  • Size

    72KB

  • Sample

    240305-c6qm9adb67

  • MD5

    2c07cb2d7c8622de7ad1217c1d98edae

  • SHA1

    2698c6835ca8787b26dadabfe048060f4eeb7bd2

  • SHA256

    bc744ffb073010911feabf75f577bf25e3cc453d9c79a5fced00fa7abe3512bb

  • SHA512

    58562575a303d25f9af8bfbde69a6c440b5c86010c82030e07b664430a657513478c9aca15b5005851bf086349a490a2097d74447bd8ed3e5020e739af10bbe5

  • SSDEEP

    1536:MWL3c9zFw+SbpRMDnCXQ77cXdx7ha75xgaJ1+CS12Olq8DlRN3nVJaPJLNUCVEKc:fLWfSb7MjCXQPc37hO5xgaJ1+CS12Ol3

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application