Extracted

• • Target

    472819b55a8804b4d8787f5e45cc9b1aeb1026d5819f06e91bbc022d53ccae5c.exe

  • Size

    663KB

  • MD5

    7b05be5398ce2cbc424d40b82b8bb4fe

  • SHA1

    6c158dc6c7324e5b76bb9d89916261c778c23f63

  • SHA256

    472819b55a8804b4d8787f5e45cc9b1aeb1026d5819f06e91bbc022d53ccae5c

  • SHA512

    ddb856adf6ddf8d8f696b48a1b5d27584be742bc9f47e4bf07b0dca101be9afa598a087d7bc8e5dc9c0d515d0e7333093ef4c597bd8d3197a2e340caf9da8257

  • SSDEEP

    12288:fU3929BC4rqhpqBHIA01a29EprIHAJp3UadAAHkR:fU89BNuhaoEprIHAJpkoAr

  Score

  10^/10

  asyncratdefaultdiscoveryexecutionrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2