General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240703-y84tjswdrm

  • MD5

    69da3925220ff90aefd28766c75a04b9

  • SHA1

    fbd11ad48154197617c19d06728391a72172fa58

  • SHA256

    4ce41be6e6f3f37ed9a75211cbd951009b19222191fc143c12d83fa1ee48542c

  • SHA512

    8c3ab680a5e5999d72f0e56c3728e035772747d0c34038eae213f86581dc191197449f769b416917cba7b90e6c2b2fa38762c8c58decea4d0fc59734b4d56516

  • SSDEEP

    49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQA:v

Malware Config

Extracted

  • Language

    ps1

  • Source / URLs

    ps1.dropper

    http://helpcenter.cyou/help.php?8560

    exe.dropper

    http://helpcenter.cyou/help.php?8560

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks