Extracted

• • Target

    spoofer.exe

  • Size

    3.6MB

  • MD5

    9316ff653c4cb2798b93c8933f43e61b

  • SHA1

    6c260ac0087aabb66b893afc3ef0955b982aea77

  • SHA256

    297e4ac9c22cf38b58241d60e16e4395ade705ca15769b796e9dbfcb5ac12aec

  • SHA512

    03ba1ab43684307f1b9aada2e7330bf65ca664f100610d69891bff2b3bbd5198cbc4da00967993bf8891cde79ab4128737b944ac97e9a14de3109e3262919bc0

  • SSDEEP

    98304:QkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13U:QkSIlLtzWAXAkuujCPX9YG9he5GnQCAB

  Score

  10^/10

  asyncratdefaultcollectiondiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Async RAT payload

    rat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2