Extracted

Extracted

Extracted

• • Target

    bomb.bin

  • Size

    12KB

  • MD5

    2a44757cb52768ac7b35a42c41d3835f

  • SHA1

    7eeeb57f1f583b7f3c1dad4b19a2da0854160f30

  • SHA256

    97efe91fe5eff3dcdcb055f037f1df01c1409e6bd38a8f07170ea53a0ff265ef

  • SHA512

    6a3cd321f1977d2a930b9e22074686497bc5dab9be45289c2130dcf36ab19e05f10988a345b9df7988593c80ee2f2304e141d778a1b91a29eaf75fea3b89de0a

  • SSDEEP

    192:WHqdmIazGejA7HhdSbwPz1ULU87glpK/b26J4L1Xej5:WKdGxjALhMSULU870gJ/

  Score

  10^/10

  asyncratgluptebariseproxmrigxwormzgratdefaultdropperevasionloaderminerpersistenceratstealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Xworm Payload

  • Detect ZGRat V1

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Async RAT payload

    rat

  • XMRig Miner payload

    miner

  • Creates new service(s)

    persistence

  • Downloads MZ/PE file

  • Stops running service(s)

    evasion

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1behavioral2