Extracted

• • Target

    skibiditoilet.bat

  • Size

    387KB

  • MD5

    6ec5500db5d8212dcc568b18625ec02d

  • SHA1

    ff54436163b39f0b5fbee0ca7979baa17575b11b

  • SHA256

    c605d818ed30ce011d0116ba907cda2395086d28ef59c5ffd9cdd88b70da9586

  • SHA512

    0357463151a2e0e383a69a979276f4d88f62a23c40bbaccad5f81e99b7d93f41fb0b99802f46bec907795e211bbd1f941564708b78be269282e0cfa475336551

  • SSDEEP

    6144:GhtfNR4FRR7UoSJGUtNQN0+XLTVWJ9pCI5LhLZijlLoppEkyeiUolokyX288+8L2:GhHR2i1zQN/BWLpq2pE+gJU2c8TW

  Score

  10^/10

  executionasyncratdefaultrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Async RAT payload

    rat

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops file in System32 directory

  behavioral1behavioral2