General

  • Target

    909babba2fc08d52a0cb1e6327b6d7bd33ce72bbe17c0d6759279dffd69e10cf.js

  • Size

    52KB

  • Sample

    240305-cz79qach39

  • MD5

    e0ccf4e48f562e0155829e0117cd4f3f

  • SHA1

    e44bd3a37d696d1b01f83714aa11f35001bd0fe2

  • SHA256

    909babba2fc08d52a0cb1e6327b6d7bd33ce72bbe17c0d6759279dffd69e10cf

  • SHA512

    025028cb486ee58488b5b4db378d87ba9c80fa2b46a6682a70e4ccf11a65f5d12a0d51574c578e7bdba9cc1a4c1ba6670d1192daac0eb71f1d7dc2820918d16a

  • SSDEEP

    1536:QFoJV0eS4B1rjqtjg+mRvyXEg0y1HkbYZFkQ8jW579NsRC:9JV0eHr26vgTZ6Q8jW5MRC

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    ps1.dropper: https://compactgrill.hu/care.txt

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    exe.dropper: http://whatisfurosemide.com/f877c2e5-2949-4498-af83-6a5c5jd37342a.txt

Targets

    • Target

      909babba2fc08d52a0cb1e6327b6d7bd33ce72bbe17c0d6759279dffd69e10cf.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
