Extracted

• • Target

    INV-23072024.vbs

  • Size

    24KB

  • MD5

    34a34dad70b083609afdec67aa301d25

  • SHA1

    9d732c12eec2e360029fd11cf5fb7ce53e46aeac

  • SHA256

    b7db18ca4db36e201c612c229b392900577840e5d927f741fabf5bef839b03f6

  • SHA512

    0c90b881faae80756ebf443f90b2643e16858b2e285832f7b88d71dea96c6f7b80ef8f7966a6972d2e767ee92be69094e98778730db58de71348b315fd894ea6

  • SSDEEP

    192:qJpGsTSprrrTkrLTUJFrrMT+TGr7fTbJRr14DJzAWA2tDnHJLJIJ0JdJSJ4J6JLc:aIPIwQy8b1MtDnN

  Score

  10^/10

  executionasyncratdefaultdiscoverypersistencerat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2