Extracted

• • Target

    953609b93c1d99dcf0c6b51696bf996de7921471b3038d35900ee5de70f0f4d6

  • Size

    865KB

  • MD5

    1f63f65a13c156366bb3370c6165a153

  • SHA1

    1feb9bcacad7b70bdceee1cf72390ff31c5af10b

  • SHA256

    953609b93c1d99dcf0c6b51696bf996de7921471b3038d35900ee5de70f0f4d6

  • SHA512

    49604b1ea4a49cd19d03611523534a030968d0797d1144c13368fb416cb5e4504e45fc129a822c2a5a043eb427763faa97a3df2fa33b29fd33cab3338b5f30b4

  • SSDEEP

    24576:aZh13xqP7FxDhfSbWwEVjUc5jth0+hf3k:UUPXtfSbWXVJjwK

  Score

  10^/10

  asyncratdefaultpersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2