General

  • Target

    62cbfbb308cbaa0a08ebf4a59bfdf48324b47d52c073041b37f4c889476a3ab3.js

  • Size

    57KB

  • Sample

    240305-ctpv7abh5y

  • MD5

    d9e56e8136a678001f263949d575f27a

  • SHA1

    6824ad4522bda1d19642f406e41c0981595c6241

  • SHA256

    62cbfbb308cbaa0a08ebf4a59bfdf48324b47d52c073041b37f4c889476a3ab3

  • SHA512

    8cd9d902637085640dab747e9b1d6689cf78776d3c6b1e7ceb6eb7589556e7b694e3aac4e90b765b91f44183d60e497d7d8f3bd6c38b127010fc479b2f7d513e

  • SSDEEP

    1536:N0LkfnLh33R/x1ULuZAbRKrD13j+28HyiBPwVAkPEDP/pi8Z8Hi99Js2IbY3kC4e:eIhntx1UL94j+28HVBPwVAkCn3JEtg5N

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      62cbfbb308cbaa0a08ebf4a59bfdf48324b47d52c073041b37f4c889476a3ab3.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
