Extracted

Extracted

Extracted

• • Target

    asdasdsa.txt

  • Size

    43B

  • MD5

    4ebb1532e7a39ebff63f7ec2b66ddc42

  • SHA1

    765d8f007d393b862cea122a7b9de3bda78c6611

  • SHA256

    846ccd88c8f4d661c315d6845df3d6d98a9f39304859896b9f962f384fe9bc42

  • SHA512

    1651abb23f7b74833cdd61f0c7189e92afba45dd55909e7e54a3b8fa8dfe2fc6b8a30c86c09637b516a959795e9a4ae72be868f47b1f4eb2046ed7e32db9aaf5

  Score

  10^/10

  asyncratgurcuxwormmassagilenetexecutionpersistenceratstealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Xworm Payload

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Async RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  behavioral1