Extracted

• • Target

    de8636c5d87d276a4971eab3cbe5d3d3bb18618e8a24ae27b154e1548bd438a4

  • Size

    866KB

  • MD5

    17d02350b80c3c03c0be2b1acab650d1

  • SHA1

    775181f6686d21806ba7e6fe4ae1ecdc82d0157f

  • SHA256

    de8636c5d87d276a4971eab3cbe5d3d3bb18618e8a24ae27b154e1548bd438a4

  • SHA512

    e61b19867eb0aff9d43ab7f13ac73217d0bd244e8b908eb902940315d77c3df67fbde40f7d80d602d8f491065fdb98791deb5f3fd4c122ef010f09616d1aaade

  • SSDEEP

    3072:dBUyU7/NUauKvxUjUYqDbf5PBb6Tx3zU5IYUeyUwgUn1UdjgUtGU4rZ/ME+h0UIx:CQdx8nHZtwjWK3FFQgzv1x5

  Score

  10^/10

  asyncratdefaultpersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers.

    ratasyncrat

  • Modifies WinLogon for persistence

    persistence

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2