Extracted

• • Target

    tmp

  • Size

    88KB

  • MD5

    d54251187d34bf23efbd1aeb8863fa80

  • SHA1

    6d89ec633bf1fc506ba796846f1e108543b85756

  • SHA256

    e103c29f6e8365d4ca9f843839556faadbb907060dbd711fa3119fe12944a635

  • SHA512

    f3aa291302719ee8306cdaec43162e36c29a56a32ed3f78c081573a0a70dc22ad1ccdd8cdc74d9dfcd56f7fc41c0d149653b568bb771e65fa1a22e9c06979236

  Score

  10^/10

  asyncratneshtadefaultevasionpersistenceratspywarestealertrojanquasar

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Detect Neshta payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies system executable filetype association

    persistence

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Async RAT payload

    rat

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan
  behavioral1behavioral2