General

  • Target

    318a1bec095a98f8fe16ef6bb5ada3f793d0b4263510950667014336c176a2a5.js

  • Size

    68KB

  • Sample

    240305-cl4z5scc72

  • MD5

    ab79c4876d6119aab11dfd23fc88e8d6

  • SHA1

    0fb76913fd7dafa3cfd1e0018a604446218b7dbd

  • SHA256

    318a1bec095a98f8fe16ef6bb5ada3f793d0b4263510950667014336c176a2a5

  • SHA512

    a4f92e88acb7dd8ddf550ea96b4e59bbde6f897df0ff10bd43022e828d3abb627b37546725d3aac13908376f418154dcdeb57854d7747a30df4dddf9f82c41e1

  • SSDEEP

    1536:s2GE9qVpyaU3468JqW+GrjktmN8/84NC/GaeqL8RRKJ8Tjp:lGE9qVwau46MrjktmN8/8SvaeqL8LKJM

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      318a1bec095a98f8fe16ef6bb5ada3f793d0b4263510950667014336c176a2a5.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
