Extracted

Extracted

• • Target

    cf46300bc79f7d868887c54856589b2e4551dee3bae7feabd5251e40c9eca364.js

  • Size

    66KB

  • MD5

    b351c5ff3faa7b8950fb3f79000fbd6d

  • SHA1

    7848bb60598db2754f14fa1c52580557e630f11f

  • SHA256

    cf46300bc79f7d868887c54856589b2e4551dee3bae7feabd5251e40c9eca364

  • SHA512

    96c96e5d501f63f33dd3be7b7d2e5a974dd6d1c0e3a342e5ac7c23cc358f678e466ae7a1302e1176b1478a4e3530d97ee4f1718a5f27caf02425da4ff1766901

  • SSDEEP

    1536:C+HdiDQwLyieMnKYjk5bkzkfc7wchjkJxjqKVzM2sBJ3rASeFaM+bVy0vE+1zxiP:C+yq9YEZlhaPbVyoE2FeqyCIVowLrH8q

  Score

  10^/10

  netsupportpersistencerat

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2