General

  • Target

    jason test.exe

  • Size

    529KB

  • Sample

    240816-qzb36sxekf

  • MD5

    56acec58d46d6f079c16209f4347360a

  • SHA1

    a7587f272a6afc0751ead66478d9a00742ce007e

  • SHA256

    0ebe58286c1f137fa8502c2b9e6f0e60b451409a3caac4125ef0ea10c931024d

  • SHA512

    724b8f625045c27fb6df5a29dda9ff889865349661c6d810b858b97f4ef33ff6a5bee30f5c61d73a304694589c937450dae7d98275fe1642001bb42b79050216

  • SSDEEP

    6144:qbioob8+F2a9boZguBQNYPj2jBoO33tq6qbXaYBc1g5aN9KBBBBBBByygHG/bZ+V:Nd8xZguBiYPAq81g5aN+BVKD

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7375395402:AAEj5wSTewdwdI2lrdXYvNdlkLxj5pTH9pg/sendMessage?chat_id=6725988743

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • Gurcu, WhiteSnake

      Gurcu is a malware stealer written in C#.

    • Async RAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks