General

  • Target

    75c3f3e75faa734634722a3f75463e1855b1a1b9f507d18626e466e670ba53b1.js

  • Size

    69KB

  • Sample

    240305-cxzjsscg42

  • MD5

    e733793282eee7daa7c60fc37bbc7dd0

  • SHA1

    f23d72289c3b5b038b6549b4600f2e1da10d9a2a

  • SHA256

    75c3f3e75faa734634722a3f75463e1855b1a1b9f507d18626e466e670ba53b1

  • SHA512

    3d23d8fd3ed838735a3f711decba28a93c67f9605de5a23480d1ed7ccc6483250fd7097e048004d892f922a9e1d63692de4c14ea76012d12e2864569fdf1d929

  • SSDEEP

    1536:j+56eH9Zpi3qJ4G5eZpcPlBfn2jN9r9rIYT13uGnGowdol:jW9ZhbYZpcPP2j7r9MYT1BnWol

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      75c3f3e75faa734634722a3f75463e1855b1a1b9f507d18626e466e670ba53b1.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

Tasks