Extracted

• • Target

    621192a2ddec59e4abc0239e7d091535acfc98ceb60fd38069fae06af9af8d67.js

  • Size

    37KB

  • MD5

    69217e37a891c3aa3c9ccb9d115ef51d

  • SHA1

    9d16ee0f7e6af6fc2f6bf5b1a4871d7f74eefac5

  • SHA256

    621192a2ddec59e4abc0239e7d091535acfc98ceb60fd38069fae06af9af8d67

  • SHA512

    ce539eff77c75075202ec16ae952b27edc51fbb3b37f152c6b15552b207ac0f7b0db28eed2f038e5b8791b25d2151316d9aca8a6e496b5b780a169f93fd8e360

  • SSDEEP

    384:XIIIIIIIIIIIeIIIIIIIIIII2GIIIIIIIIIIIlIIIIIIIIIII6eYIIIIIIIIIIIj:pTi+i

  Score

  10^/10

  asyncratnew grapitypersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Registers COM server for autorun

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2