General

  • Target

    Rechnung3949888 M5516519 TEU3949888.lnk

  • Size

    52KB

  • Sample

    240305-qatxpafd9v

  • MD5

    6b0fad35a8aaef4b892a229b13a5a9b2

  • SHA1

    194efa1278e4d4cb061d0eee5d42daf9590c9cf4

  • SHA256

    0cecbd1467320eb2b91adf45ccc75224699dc6910d29f840c10c47b46aaee20f

  • SHA512

    ca6566ef67c6b781f4390433e515350d823b13bfd6f502d0bc22aaf701a8a3e471494031cd0f130c44bcbdcfef40870152f2d7912cac3c018b6622c748a28a05

  • SSDEEP

    768:qf2+GzRdDjk9OH2LKTW0pZ7m17RQePtdDFeceU8tIwz/zJJNYjPOGR5Xr:yaRdD+82WTW0p8h6ePXdwTzJKmI5Xr

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated: (no value recorded in the report)
    URLs (ps1.dropper): https://www.sdsoffice.fr/test.txt

Targets

    • Target

      Rechnung3949888 M5516519 TEU3949888.lnk

    • Size

      52KB

    • MD5

      6b0fad35a8aaef4b892a229b13a5a9b2

    • SHA1

      194efa1278e4d4cb061d0eee5d42daf9590c9cf4

    • SHA256

      0cecbd1467320eb2b91adf45ccc75224699dc6910d29f840c10c47b46aaee20f

    • SHA512

      ca6566ef67c6b781f4390433e515350d823b13bfd6f502d0bc22aaf701a8a3e471494031cd0f130c44bcbdcfef40870152f2d7912cac3c018b6622c748a28a05

    • SSDEEP

      768:qf2+GzRdDjk9OH2LKTW0pZ7m17RQePtdDFeceU8tIwz/zJJNYjPOGR5Xr:yaRdD+82WTW0p8h6ePXdwTzJKmI5Xr

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks