General

  • Target

    4dcb7e62f9d14425c0fb7a7cb82325c4e0837c164695c5bdebfb69d8864a873f.js

  • Size

    66KB

  • Sample

    240305-crdedace39

  • MD5

    b3d048535d380295a2ebba3033c3338c

  • SHA1

    9968f6002c1909124d5cdaea7f276d4bd5d00806

  • SHA256

    4dcb7e62f9d14425c0fb7a7cb82325c4e0837c164695c5bdebfb69d8864a873f

  • SHA512

    697649523541b5c63e1a3ca81bcbda0421deaef7358d0820062b8c6f0f717a540883b4b72ea42338895a67fa15c519552b6d1a8edd65abb90a91835f22cce7fd

  • SSDEEP

    1536:sGk0Gtfxyin8/EgRlKnr7VAUMzR73uhe1KaDyOoCM:sb7yE8/EgRl2VAhB3uhe1TD63

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (ps1.dropper)

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
