Extracted

• • Target

    16c657e788d1b5f6ba16f1880ae3ffa2.exe

  • Size

    6.8MB

  • MD5

    16c657e788d1b5f6ba16f1880ae3ffa2

  • SHA1

    edeab1c565bb7860376221694cdb6ceeb0cf12ac

  • SHA256

    6eaf94adedafef8b385c51dfb63306d4424478ed3ad5e7a4508e5bfcc5248565

  • SHA512

    225ae023f64bc9bd9d52e0ba0edc2806eb5d43500a09c789733f17a813897f93598794581a16e0ea0812b79adf222e369b7c3b7c0cf0d52a6a6e2b3d9e5d4e0c

  • SSDEEP

    196608:YAFbheN/FJMIDJf0gsAGK5SEQROuAKfv/D:0/Fqyf0gsfNpAKL

  Score

  10^/10

  upxasyncratdefaultexecutionpersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2