Extracted

• • Target

    9780_output.vbs

  • Size

    203KB

  • MD5

    0fa1cc8286bef599f8b2ef9827cbe77c

  • SHA1

    6ea37fd1ebaf7862463c52b599397c5bac7d14cc

  • SHA256

    378632fc3ad9d88b55ef4494b897cc7eb5d3995c572b3bf4b7a86c88e395105c

  • SHA512

    df6026088cdee9a57dae4484c6eb78d9f84dfc290c16c13ac555fdab0b117e45a6d44ae7204f1b0aaa1915412af7835301c3b3a9944e793dc41e97cdd81b7f06

  • SSDEEP

    3072:a7H0KjIzs3jJXbHc6XVEZDcpBj8n6R7Nxoa7RA9lOxAuAEnF6TGpE:aYKj7jTq+oaGOAurE

  Score

  10^/10

  asyncratdefaultdiscoveryexecutionrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory

  behavioral1behavioral2behavioral3behavioral4behavioral5