Extracted

• • Target

    de96f95692e27176b74125a40300ba08

  • Size

    1.9MB

  • MD5

    de96f95692e27176b74125a40300ba08

  • SHA1

    472c7dfb79b00e95b68b3ba23c7fb5c14c740053

  • SHA256

    172705adb5ebbb023174bafa12a8c572604258aaf4a3959ec6759c7e3333b7ec

  • SHA512

    9062560007de212f285c1fee05df3b6cd021fcc4367d29b1baf9b0a1158aca484601a57b84e7c4b9c0937336f7a3e6e69fd990f516abd288666edf6aca16e1cc

  • SSDEEP

    24576:sYYiCmMxAtOsBgo0q4wMcCcsp/iKgM4MRM/mXVK67k3GCo27nsISxZvBn2spMBuu:sVWsoHMcCbppx44lK13NAI6736F6Z

  Score

  10^/10

  asyncratdefaultrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • CustAttr .NET packer

    Detects CustAttr .NET packer in memory.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2