General

  • Target

    MartDrum.exe

  • Size

    904KB

  • Sample

    240522-j9q7hshe6w

  • MD5

    1e4352c43b8c5a6b5a10dd0ace9a57a4

  • SHA1

    6d4f220bdfee34df0b3b9d8a829dd423fab5abdf

  • SHA256

    9410861cbe8204310017cdec72056d49f8effbe26961cc6cb73fee37c731e0a0

  • SHA512

    ac96916f4c42acbf8be07d814dbc15e04c50e3874888ebdb3d762f74fcac58e4e100da68a34d78da12403ee09f3bf59c681bf3fa258de8e39e1038b5fc42e7a9

  • SSDEEP

    12288:Fy3S2m4omcLCRdCPiofcsdS3c2qRWi2kx6RAaiPjMoxIlDhI4HPlRoQ9RT9tQ6DP:FyhM1LAdCKo0s6xrkxJxjDIldBHdRvfb

Malware Config

Extracted

Family

asyncrat

Version

| Edit 3LOSH RAT

Botnet

Load_Man

C2

leetman.dynuddns.com:1337

Mutex

AsyncMutex_6SI8asdasd2casOkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      MartDrum.exe

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks