Extracted

• • Target

    bbfda112b2d2742ec593b14cf9a0d2558cedaa24ae89d0cc9b5c94b94705c772

  • Size

    1.7MB

  • MD5

    0dac2872a9c5b21289499db3dcd2f18d

  • SHA1

    6b81e35f85e2675372b1abe5c1e0b2aff5b71729

  • SHA256

    bbfda112b2d2742ec593b14cf9a0d2558cedaa24ae89d0cc9b5c94b94705c772

  • SHA512

    2bb2c356b2782f1217c57e3422e5fdfd6b41e4b25bcbdfec1e4707c4874127e70c4ae249eba20f5c158d994d5b5c30cc0c84cc9396d6895f2b625ac1e1bd3b76

  • SSDEEP

    49152:EzQfCT0ay5jIRZRQ+uGZU9zQfCT0ay5jIRZRQ+uGZURH9:ZNlIm2U6NlIm2URH9

  Score

  10^/10

  asyncratcrypteddiscoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2