General

  • Target

    updates.js

  • Size

    7.3MB

  • Sample

    240717-qjx1psvhlg

  • MD5

    917ed9cb792f81537e24395e1505bf6c

  • SHA1

    25fec4cba71614d8332cac3f4446fca039d1f33e

  • SHA256

    d62447548f057c993c73fece105a22d98d2e2604e4f0cd26bb6821b2686e732f

  • SHA512

    e0b907f89db72260dd82346e6a55e71870e57a4654dfbe15670143304016d04d6a581da270c160dc27e70d26b4f8641f3dbf2da87ce9f646741e09a1a17a7921

  • SSDEEP

    49152:f7h4zjCxb7qHlp4BOlN0KFhcuscyEMzYsm7++86mn3Ef/Vf7GI0/3qp6RCgScEQy:y

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper, exe.dropper

  • URLs

    http://luxurycaborental.com/cdn-vs/data.php?12105 (ps1.dropper)

    http://luxurycaborental.com/cdn-vs/data.php?12105 (exe.dropper)

Targets


    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks