Extracted

• • Target

    747.exe

  • Size

    7KB

  • MD5

    d7378a262909fac70f5aa9f41a0811bf

  • SHA1

    26f608d7c3d1a71057ca90e912359fa0c4358cd9

  • SHA256

    9750eede207cae12bfce4c50dd1aac7edf9a54bd5f5b64d4ff8bad5d0b8394de

  • SHA512

    d495eedb7de852296034a669393f054ec79397dedb45048e7a0880bbe7021a9ef0d1825f18dfe67d8d2b8dc52c453cd5d2bfe0086fc9da42270fbbc5959170ba

  • SSDEEP

    96:X5T40gK4WFddriIe08H7yjSN+PlQ29zuGnGAOD1V6TuiO9zNt:1gK4WTn8by6IyYzJGxhVYub3

  Score

  10^/10

  asyncratdefaultdiscoveryexecutionrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2