Extracted

• • Target

    node.ps1

  • Size

    395KB

  • MD5

    34acf6883ed4937fe14f798de56f4c9e

  • SHA1

    f02f7e373fc35e30b62ebb05dd668a851d3c516f

  • SHA256

    bce521d15424563d9a44e0712340cfc19eddac4d81c78375412ada2fc9c1e20c

  • SHA512

    bbe7403dd81ef31d9259caf92cf7868d5d986ad9fd6c876c0420a62f04eb44abcbc2cc742ec5fd5633e94da0264c197043621f982e99eee646d6dd486b31b17c

  • SSDEEP

    3072:ylL0042W5s89pKxiFymwjIG2OVjVvEaMZ:oLKy+

  Score

  10^/10

  asyncratxenarmorboshkashcollectionpasswordratrecoveryspywarestealerupx

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • Async RAT payload

    rat

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2