Extracted

Extracted

• • Target

    APK-installer.bat

  • Size

    442KB

  • MD5

    52709a177ea05374516eae946c3f800d

  • SHA1

    f8a17588756941fca054402b1d32770d22b63d1e

  • SHA256

    d9bf2b9cf084edc7ea54d3bc7facd312951b434f8e64b712a8233c113da7d881

  • SHA512

    35caadb87ac6e6853aab7818672e5509919c216e5ca51bc98d6156aca5a199f436196dcdc2bb6b45b15c824f811643630c7cbfe522202f835efdf6cc2a355ebb

  • SSDEEP

    12288:zSDnZG9iQNJTvPA+/P3PIN/0Hl+SZK2jUG7O:onONJk+Xwh2ly2NO

  Score

  10^/10

  asyncratxwormdefaultexecutionpersistencerattrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Async RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1