Extracted

• • Target

    RunScriptProtected.lnk

  • Size

    3KB

  • MD5

    7d7b89cb7fa6155b1e01334175ac1c5b

  • SHA1

    e777ad0ff4d4510ee345c06c34123b279b0b7ad6

  • SHA256

    7c8be71b3cfef2de7343bd48d20e33a6f2f94409d59c50f5ac3a5bbd703789fc

  • SHA512

    bd1ddf6149e7d51339ba326ad6fbd9d0b7eb4a2e6a0ca90cfd6a9024df0ee81e0cc2ac2e77e4c1b86146d4d06ccc24696c320d5ea166cf79d9062ff9d3b22038

  Score

  10^/10

  executionasyncratdefaultdiscoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2