General

  • Target

    LegacyLauncher_Installer_legacy.exe

  • Size

    112.3MB

  • Sample

    240715-g2ga8sveka

  • MD5

    53eea8664d54198e1989301b12f795da

  • SHA1

    00bddca8bba387a76d6f18fc942859acf9ff5a60

  • SHA256

    a7c997ba3c3e91c048f80f96f08754948428f6d3fe4001bab79c4ae09d06c5e0

  • SHA512

    e05bd2e369b19b818f715a14ceb2c35b2f8409e5524d347d3093ef82667675bf719af17ab77412156aa62748aa17572d622b163bb6d187d917282f49e56ff831

  • SSDEEP

    3145728:kNS0yY1k/bQS8yJQZI3XeKBPKi2O3hE4AGzUVeQgnFV:koqcQ+3XHD2OxEfPQQgnFV

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

127.0.0.1:8848

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    true

  • install_file

    shelbysigma.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Renames multiple (158) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Downloads MZ/PE file

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks