General

  • Target

    52cae576b71c872d793937b5437db6c2a15324342d7d9c4101cd516dd4944cc6

  • Size

    14.6MB

  • Sample

    240118-bd4hzaadf3

  • MD5

    cef5534159555f0df0b6e85715c19208

  • SHA1

    b1d4a0ccf69b20ba3114696e6d7c126089080325

  • SHA256

    52cae576b71c872d793937b5437db6c2a15324342d7d9c4101cd516dd4944cc6

  • SHA512

    2c3e75871fd59db084747c078fa92050cb5ee3a47a307730f57cada79ae5ba00e037ffe8508e834eb4630d8f8cf1e8b5d50b88ae7027f66f55033ac92a511460

  • SSDEEP

    393216:+SL+9qz88Ck+7q3p91JmBqfKV6egI7w13CT6Ztw6:+++9q4G331UofXeRw13CT6

Malware Config

Extracted

  • Family

    toxiceye

  • C2

    https://api.telegram.org/bot6782288559:AAGGaNp1iJda_iae5clmNAjmS8bZxRP8kMY/sendMessage?chat_id=6117387875

Targets

    • AsyncRat

      AsyncRAT is a remote access tool, written in C#, designed to remotely monitor and control other computers.

    • ToxicEye

      ToxicEye is a trojan written in C#.

    • Async RAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks