Extracted

Extracted

• • Target

    feather.exe

  • Size

    166KB

  • MD5

    fad02083c3a1d764db408e919d1430ef

  • SHA1

    f0e36f0c51e259bb801c1b53767b4d2b70e62ac2

  • SHA256

    f4cbcc2254e8b74d272b7148322a08159d4e4293fa825cb7547e319fff13ca8d

  • SHA512

    108ed0ebf60ab3ba4b5ff9a39156278a13200b8854a5e520bca1a7e5a6ec04e674cd7633deb67657fbc32488a3d31490c4dd03ef14f541f906f067338646c56c

  • SSDEEP

    3072:09AtuJ3r8fHevWOVj2VFPTUuRKNhzvpLXLTrfQVCaA0i:096uJ3rSpbPXRKNdpLXLTzQVCaA0

  Score

  10^/10

  asyncratxwormdefaultexecutionpersistencerattrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Async RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1