Extracted

• • Target

    LMAOBOX2024UPDATED.exe

  • Size

    120.1MB

  • MD5

    264a408d44003e37218ddc3a89b5bab9

  • SHA1

    5b5c26831e56fce1c5e9c4a786f4d513d71cec72

  • SHA256

    b2bec8f81ead763ca0c4832018b182e897d3ad1c8192ce8757dcf7bc11bba34b

  • SHA512

    1f8b0189d3f3264d3b22aa65863aa8631851a372ee431d3bf6e0e466460a5e824598315ba2e3f6935639a92573019d64ba3e1f4d23acbf391bae9ea558780fc9

  • SSDEEP

    98304:CI7LjGgfbY1A+kd+wx1x1jF/IUSqKjJ5//4riHjHUUeX8QCxsoZz4MR002hO:CA2kd+wHx1jdPSToriHjdQ8QhouO0

  Score

  10^/10

  asyncratfishingcollectioncredential_accessdefense_evasiondiscoveryexecutionratspywarestealerupx

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Clipboard Data

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion

  • Enumerates processes with tasklist

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1