General

  • Target

    Update (1).js

  • Size

    3.9MB

  • Sample

    241010-v4cbysxfke

  • MD5

    49273816c994664478dec45a8e20a531

  • SHA1

    7b3d5e27f0ad29c18e578bddc1d25ac29901a38b

  • SHA256

    cdd9798b8cfc59617f38456b48dd5a6d0a2bb793dfd59f1684175a1a8ba48ab6

  • SHA512

    0ae0fa0aaa5694aeef9a49de081c99aa0eed550d241b9ea8a5e1d1e412b9fa98473efd11b5c4157c41d6d8bc82be7e065e99f55532465b04e78252e2afb010cc

  • SSDEEP

    49152:OCz4F9dM2furCz4F9dM2fuVCz4F9dM2furCz4F9dM2fumCz4F9dM2furCz4F9dME:OkGgkGMkGgkGvkGgkG9

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper

    https://megaarmshop.com/trade/d.php?7609

    exe.dropper

    https://megaarmshop.com/trade/d.php?7609

Targets

    • Target

      Update (1).js

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks