Extracted

• • Target

    xff.cmd

  • Size

    6KB

  • MD5

    ae6a3a8912f6dd675542cc40cb5c6088

  • SHA1

    ba9cf3a09d51ab5f090fc9dac6f1253321c922e4

  • SHA256

    cfbbcd80b1537d3ba3b27a57002496542db471094bae1612abc70bac5fd80808

  • SHA512

    ac34dd4755fa9a5ba35c5c404aea505a5ef26b2ece6dc8f6bc7e65a7fc934e17af60aa208aab74fbf2719086c9e9dd0a1c85548d740967ecce27483e89778699

  • SSDEEP

    192:oeOol1MILxFMeVO+BqDwoJK7bE9COaJppuq8TH6+Q/:ocjMIdSHwowbLuqkH6+Q/

  Score

  10^/10

  asyncratdefaultexecutionrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2