Extracted

Extracted

• • Target

    EXM_Premium_Tweaking_Utility_1.0_Cracked.bat

  • Size

    672KB

  • MD5

    33d64072e513e7945f6585d19a3ba998

  • SHA1

    4b790623eb16328d8fb76adf4e32b43cbbaf85f8

  • SHA256

    6057667756c5dbd4b66e7d856e1d045d3a05b8592cc689a7eb5a548cd0c1be4e

  • SHA512

    761a0499955f2d207ff386282f7e955ab4eb3892039e73e77a92f560ed05ac267e301b55ff80bec108db502fa428154af582b7a6b456f0a9975c42d9ab98e0e5

  • SSDEEP

    3072:ZUGzQbmbkAqA2xH7VkKEn14IZVvisLur+K3:ZUGiVNEn14IZVvisL43

  Score

  10^/10

  evasionexecutiontrojanasyncratstormkittyxwormdefaultpersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Xworm Payload

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • UAC bypass

    evasiontrojan

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2