Extracted

Extracted

• • Target

    PNSBt.js

  • Size

    103KB

  • MD5

    82bf71f9d463c60e2304cbf9f9cac022

  • SHA1

    d54cce9d9a238310b00d154c9f35033e62ca1d81

  • SHA256

    3f354bdb3557ffb64892e788c439adc0da9f7fd4f39b143a1cc2d8f7059b4488

  • SHA512

    19bf4493c19a438fbd21266f012f21b22a2cf0448db22c41d9994afaa200a04a621968737953c12408f7d31e9c8c0bbd253e900823364210090e98a841b5004c

  • SSDEEP

    3072:MHXp+q62Nhxdd5pdq61HXp+q62Nhxdd5pdqsVd0HXp+q62Nhxdd5pdq61HXp+q61:k3/13jc3/13+

  Score

  10^/10

  executionasyncrat*** 19 nov ***discoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2