Extracted

• • Target

    b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde

  • Size

    74KB

  • MD5

    6c9944b8a88b29b1b09f66f7e0b246a0

  • SHA1

    d3a0a1dd2908321d2086b236d4a8411f11e6e574

  • SHA256

    b01f8abc812a17b3fe0a6dd06b9dfc2f99a153dad1a8e3e325fab7f95bf78cde

  • SHA512

    1d129611ec5000a841a462305649afdd6a9ea1c4ccfe790cdde2a1244c5994e349f1ad01ead0f5db4521c98efd8c0b65f16cf9459b9bb57586c227f276a34b56

  • SSDEEP

    1536:9UHNwcxKHXwzCtmPMV2e9VdQuDI6H1bf/l8wIKQzca7VclN:9UHicxK8WmPMV2e9VdQsH1bfN8eQrxY

  Score

  10^/10

  asyncratdefaultdiscoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • VenomRAT

    Detects VenomRAT.

    rat

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2