General

  • Target

    11068-1106811068-11068.lnk

  • Size

    22KB

  • Sample

    240306-red8gace7y

  • MD5

    9a4435a3b04ec90721a401d4db1fd5a3

  • SHA1

    6df13aec39d7bc1177748ea2bcc32a04c8e8e8b0

  • SHA256

    da926fb52411d384b2308f03401bfc776ab20720477a7ca27964a11e3c3c73ff

  • SHA512

    d77555d6b225c3026050db1ad6c80c947d45bb51b28a1be40b907e6f16ac0ab3e164b814f161dc94d818cd715f9dc519dca15f5c48c52a14bc56754fe419157f

  • SSDEEP

    384:w5Dfbc9wtpZ+8ZMdRQQWftQmJQRXduS9UMjWlhiB7YzAiPuFug9EA9DDh10:ifbcKpZ+4MdmQWemJQ9duYUOS9ADFusO

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (ps1.dropper)

    https://reelstudio.com.my/utilities.txt

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks