Extracted

• • Target

    33049587783_SC_PDF.vbs

  • Size

    124KB

  • MD5

    21240c47b62ab8ec3a2c5bd3a8346139

  • SHA1

    e7cec79c61f05c0098fb482752204e6cc98bc256

  • SHA256

    6c3b11ec24150c5a9fd09c81a747494aa356c9d26ebe93dee5fd99b751f53e42

  • SHA512

    0c277c57b1b7d5c87eb8b417a30a3224fc79f4e02f4056962a7769c16823c62254d2fb7b3fd2b0e324d936ad834ff2f6440813da0ebd4a23510cab3a738dd813

  • SSDEEP

    3072:+50KKKKKKKKUKKKKKKKKsKKKKKKKKqDyKKKKKKKKg8KKKKKKKKjZzAfKKKKKKKKj:+aKKKKKKKKUKKKKKKKKsKKKKKKKKqWKp

  Score

  10^/10

  asyncratdefaultexecutionpersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3