Extracted

• • Target

    leclient.exe

  • Size

    63KB

  • MD5

    516f81d3d2bd81638c90c4bedec6601a

  • SHA1

    3722275b4a7cf17133c11d01d57889b860adfa39

  • SHA256

    178bf6d0bc3dc22ee2887cb5535bbd74d107780bcd77f6e6d0139dd46e593164

  • SHA512

    adc0d412e0a122ee66b61ccaebed5150c797d58b0ec1b5e7ea137878f27ad70c03c2039ffd285339c3143730927d3dea38463554ecf908644259419d7319c649

  • SSDEEP

    1536:e5a9jPpYciRUTjJvywE68dPkSTUrsG5eMyevGbbkwqDPRuGbUVclN:e5a9jPpYciRUTjJv868dc9rsTMHvGbbe

  Score

  10^/10

  asyncratdefaultdiscoveryevasionexecutionexploitpersistenceprivilege_escalationransomwareratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • UAC bypass

    evasiontrojan

  • Blocklisted process makes network request

  • Possible privilege escalation attempt

    exploit

  • Drops startup file

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks whether UAC is enabled

    evasiontrojan

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1