Extracted

• • Target

    Adobe-GenP.exe

  • Size

    53.5MB

  • MD5

    aefaebe48f578958c832f359d62406c1

  • SHA1

    da6313c09ddbc2bb7ec5e0acc8a0c9d49d5d0051

  • SHA256

    a5238e60cbe814a8021050ddeb4c9569eea12cf8379d689e0cd84bb83a9b8266

  • SHA512

    e1cc0b6b2a19c0c511ff22a777a1b8db8296bca2797be32e837cab7ee4763104968de84f0e89649bbc0ae79b0812e3970712a3ea50a7f1a5b98e254b49f4f5e5

  • SSDEEP

    1572864:pudEgIEMQXW+iffRUBPRD1peCaz5JuId9JWMr4bJz:phEMQX7iffRSR53W/l9JW2O1

  Score

  10^/10

  discoveryexecutionpersistencespywarestealerasyncratdefaultrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  behavioral1behavioral2behavioral3behavioral4