Extracted

Extracted

• • Target

    b8f6f9e8718c5abc0d2d64183fb1a103f0a7caf763ba29cd96aae03f810411e8N.exe

  • Size

    89KB

  • MD5

    ee5fa211e0dfb2e96a3953d4bace7850

  • SHA1

    65884c08e3876e8aeab4f5172d48e203e60ab75b

  • SHA256

    b8f6f9e8718c5abc0d2d64183fb1a103f0a7caf763ba29cd96aae03f810411e8

  • SHA512

    ff98b501ac22fdfc0b458b9e726388bbfe8d775e3988d83312a6551cdd57d21de1d87b3f8d9bdf4f9ec50cfda2e5b360e136d09e8f76000301e510ee63accf65

  • SSDEEP

    1536:z7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfAw3Oj:v7DhdC6kzWypvaQ0FxyNTBfAl

  Score

  10^/10

  discoveryexecutionasyncratvenomratdefaultrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • VenomRAT

    Detects VenomRAT.

    rat

  • Venomrat family

    venomrat

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2