Extracted

• • Target

    Infected.exe

  • Size

    63KB

  • MD5

    c842ccf5599a37e82191fc67fb5e9123

  • SHA1

    59a204a05b7e6ba6164105614092d8e3eaf141be

  • SHA256

    52adfe5797b14ea67d9d9a78eca85a5ef016cc121f439fbfe8f7219dfefd1303

  • SHA512

    efb92b33a593f2649d91b0c1533f07277a066256b12bdd5e993a6c8c56946eea214fa9732801e3dfe0eeda5ee6636b97dd956e0fcc272ac27d076e488f05a8ac

  • SSDEEP

    768:QvsM2sk/978SQC8A+XjlazcBRL5JTk1+T4KSBGHmDbD/ph0oXnuP5zApJhUVYSu6:j1/M/dSJYUbdh9nuP5zeGJu0dpqKmY7

  Score

  10^/10

  asyncratdefaultransomwareratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Renames multiple (3202) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1