Extracted

• • Target

    a2ce48432527c70571d0851c190dbc10.exe

  • Size

    185KB

  • MD5

    a2ce48432527c70571d0851c190dbc10

  • SHA1

    77be1e6207462d2826faf1207960e01a26e30173

  • SHA256

    0b35e26564684a04734c5e5e2b83957ef5138a945109c6afed27dd3b07d1a370

  • SHA512

    333bbdfd2a098114b0ea7a2665bcbe005b7dc2fb98d74fbff53b8ea9ba291ccf068457f91843ebc7eacb99b9f5ffa372e1995ff2971a880db4e4ad57b1bf4f02

  • SSDEEP

    3072:sr85CW0rFbKKCYSy5PwoeCe92crn0V2zWN5R3KoJXI:k9RpbKKosPwo68Cny75RhY

  Score

  10^/10

  asyncratneshta12septdiscoverypersistenceratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2