Extracted

• • Target

    Shellbag anylizer.exe

  • Size

    237KB

  • MD5

    52eb3517bc8917d50d5426bece8fe91c

  • SHA1

    155edb28b839902d53051e3d3e442896a6ca54e0

  • SHA256

    7caa89af07680e877b3bdef6b354687b3540dffe556ad9e8797f111aff3b784a

  • SHA512

    de247dbb553d7bd910c01abf8a26c675d2fac68bdd64b7d6539d91940f35aef9ed913a150d9b7153f44ad3c23056461b8d92b50ccf841f93a09e0f57f3e75096

  • SSDEEP

    6144:PJLbLwF9kfK8rpClz0KBb6o589GHWHWujiSPbQ:PJdgBuj/Ps

  Score

  10^/10

  asyncratdefaultratstealeriumcollectioncredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Async RAT payload

    rat

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2