General

  • Target

    c21f3dea9e0b7c00f09dbfde0e9adaf05c2a18b7ba1b64de018719a0dd685053.js

  • Size

    73KB

  • Sample

    240305-c7qdwadc29

  • MD5

    b90ea541f7c4e2b0dddca9adffabfd49

  • SHA1

    2551bf544b79146b6438ae461dd319bf05acc6f2

  • SHA256

    c21f3dea9e0b7c00f09dbfde0e9adaf05c2a18b7ba1b64de018719a0dd685053

  • SHA512

    345e3c66077a0635d8ff0457a2849219205f49e8f4911252448c29aa6e843b4c93a031bb546f60788b4858b390ba378de8d029f93dd26e9046e1fcc8f8025e1e

  • SSDEEP

    1536:eIu5WIwZfA8littzHvAcjedo+xFiYajgROT+euLxaBUMqpqpDH5N:66fczHjso+WjYOT+euLxaBUMq4DZN

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      c21f3dea9e0b7c00f09dbfde0e9adaf05c2a18b7ba1b64de018719a0dd685053.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
