Extracted

• • Target

    Shellbag analyzer.exe

  • Size

    247KB

  • MD5

    e5dc76743d789ff02bc6f747804fd327

  • SHA1

    b96c2778e123656266782da48f8b9a84918c8fc2

  • SHA256

    24e23f8bcdde00e6158591a10b0e195d525315fd4cabc0de541ac27f9c17f8bc

  • SHA512

    dc6fa31d3b12bf2786b76bbf74c7d2ef13e5f2a0b09082e693b004fad2efa67eef90cac7586ec43c64705dedcb57cebfd11c865b16706aac2452318842db700d

  • SSDEEP

    6144:iPEGPMVOrVbjlnwF9kfK8rpClz0KBb6o589GHWHWujiSPbp:iPEU9lhgBuj/PV

  Score

  10^/10

  asyncratdefaultdiscoveryratbootkitevasionexecutionpersistencetrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Async RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  behavioral1behavioral2