Extracted

Extracted

• • Target

    2dd40beb048efe94f7a62ac83f95a5da2815e05a248ef970dff3f20a4eb8f609

  • Size

    681KB

  • MD5

    00e1431f15d4e7d7521adaf56d1cf9eb

  • SHA1

    63c4a9d2327a46296e4d54c9baeb20f683ec9d87

  • SHA256

    2dd40beb048efe94f7a62ac83f95a5da2815e05a248ef970dff3f20a4eb8f609

  • SHA512

    c0e78ad73ffa3f4c0ab94ce0e21dd3cb0638cdbccbe5b3bcd0d841193a11fbd3485c176b010c3196b21d940dfa5b18f09f53e3dfdd28c5ba881df1637584118d

  • SSDEEP

    12288:Cp1zzClVwk1lf0PmOPRQBsoNiDgOIu9diWKg0p2/DqJg7:Cpx8VwkiWaUOIuXZ

  Score

  10^/10

  asyncratredline3333----japanese----3333japanporndefense_evasiondiscoveryinfostealerrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • System Binary Proxy Execution: Regsvcs/Regasm

    Abuse Regasm to proxy execution of malicious code.

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2