Extracted

• • Target

    Infected.exe

  • Size

    63KB

  • MD5

    2bc3f993bd6f8d453d1713abe771ff15

  • SHA1

    46a5ae1a18b6e4ef04df6fbf6af8bbc3c5bed3d3

  • SHA256

    1d2e01cb8271f99e28d34c0bae6921b3d4102eadf1564a0049cd7ee45ffd7111

  • SHA512

    28c71c3d64d7264d8982e7d6d8180e1378ddaaffe0cfd591c8c075bee82305667c6e5a3b367dee737568ce63ec3aca5c4959ed198aeca0c531b7ef4664748d41

  • SSDEEP

    768:Cm0vnfEXf78awC8A+XU2azcBRL5JTk1+T4KSBGHmDbD/ph0oXKnKWwkSusdpqKYC:qEXiLdSJYUbdh9G/wjusdpqKmY7

  Score

  10^/10

  asyncratstealeriumdefaultcollectiondiscoveryexecutionpersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Stealerium family

    stealerium

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Command and Scripting Interpreter: PowerShell

    Start PowerShell.

    execution

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1