Extracted

Extracted

Extracted

Extracted

• • Target

    43c3f3e2e28157583e7eda204b2b103f.exe

  • Size

    1.5MB

  • MD5

    43c3f3e2e28157583e7eda204b2b103f

  • SHA1

    43939dc8d125df242075d47edd696f6276f7ecb7

  • SHA256

    280474eb2d29702b7026467d357d2a34d58c08c82a264c174bce9e4bf694c19b

  • SHA512

    6721ad923a1b5329addf034c8decd7d1aee3db800ef19064cfd7d077211d938aab6bb654751b6443cd19bb7a8b6896139787e9379522b3be5e8c5b492c75ef63

  • SSDEEP

    12288:qP5IhyeomsP5LxH94zj9jljH0bStIswondr1fDzqJVxLsE8LX:1QYrpDzq1uL

  Score

  10^/10

  asyncratpurecrypterredlinesmokeloadercheat-menumovabackdoordiscoverydownloaderinfostealerloaderpersistenceratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect PureCrypter injector

    loader

  • Modifies WinLogon for persistence

    persistence

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2