General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240716-y8zjts1gpa

  • MD5

    2826502a26311bbe395d5ab565114330

  • SHA1

    1764ea00a1262c07b13d0c4b059e88e57650dfc4

  • SHA256

    65ab8ed555628693952b1fc385feca757b0a689981128d848f2c39a52e7da1e9

  • SHA512

    578eaf54cab019a8f1b166b1da0b5580ee8081bfd1629fe938e366ac855b501016d84e5567008069d900a970247577ae998191d028ce5904dd7c0a7bee451239

  • SSDEEP

    49152:47h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQu:1

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper
    http://dfwreds.com/data.php?14991

    exe.dropper
    http://dfwreds.com/data.php?14991

Targets

    • Target

      updates.js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks