Extracted

• • Target

    ErupStealer.bat

  • Size

    14.6MB

  • MD5

    9644bf6130818a23b7820e4441d84d6a

  • SHA1

    654d821a794488acba87a809e8eab889eb9845db

  • SHA256

    050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea

  • SHA512

    db83473f76f680fa8f93da5bfa71d2b396f4cef44d222e75430a09432c68b67e37c92ca56b7f5d54265cbbb44145df00a11ccf89c498a391af609a2976c6beb9

  • SSDEEP

    49152:VfcOj5SiJ6+FBW/rRNkFa34CG36ICLvbtSAKsASfycGoA+uVteH7ki8KjXtXH8xU:u

  Score

  10^/10

  asyncratquasarratspywaretrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3