Extracted

• • Target

    spoofer.bat

  • Size

    3.4MB

  • MD5

    0990deea076062de5eb3da9a8b7f8e9e

  • SHA1

    af911f1272174c4e609551e22c32eb3f2e52fa3d

  • SHA256

    4b920c737b2fc26db60d86322c07777bf18f83deaf3e83b7564453b4eaff8d4a

  • SHA512

    33aa8bb1312b53e1c31ae1c2d4143e39c56ab6ddfdad00dbf7e68a14ee6d00ed49de5d4d25d2c3ee7879cab8098eab724254c5e7f843d24f4ccbf688762b0249

  • SSDEEP

    3072:VuBAMEN7YarD8LYEGrPNNyZXbHVLgoBRLi+laymtrUIoJBsZX2:V97YLgrlNkDV7NaymREJ6ZX2

  Score

  10^/10

  executionasyncratperm-woofrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2