General

  • Target

    29753f0ec51bd0f7d69139ad2b359333c6d1aed2937a2e16982c1a2fee3bb97c.js

  • Size

    55KB

  • Sample

    240305-cktg1sbe9s

  • MD5

    8c1a5db42e7151f6fc6c620a965aafa0

  • SHA1

    971130c6a951e64373c8dcbffaa8f4e31f786c6d

  • SHA256

    29753f0ec51bd0f7d69139ad2b359333c6d1aed2937a2e16982c1a2fee3bb97c

  • SHA512

    63a2bf1ae93cde80100ca1ebd6f9dec0742b82152591b9e30f44578f7064951f38b5649f9ffac58aaefe4ddfee94c2b8d39dbfdf2cf5f666cf2edf2920175175

  • SSDEEP

    1536:GeUup4MVH3rQgHZ87RQ5Xlt/xcvZ6P2E8ANJqO:Vbx885xlt/xcveZF

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (ps1.dropper)

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      29753f0ec51bd0f7d69139ad2b359333c6d1aed2937a2e16982c1a2fee3bb97c.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
