Extracted

Extracted

• • Target

    EXM_Premium_Tweaking_Utility_1.0_Cracked.bat

  • Size

    672KB

  • MD5

    62effd806c73fab27bdae3a51dd955d8

  • SHA1

    8ce251bd3d0a31fca442884a3fe0ebe940d08ca0

  • SHA256

    63577b4677fe321246f2b6991639c920b55d4991b8fcf5986787ea1cd55e3250

  • SHA512

    19e954a8bdae76848188b2b12675bce8d56df30e6ffaa9e7b07b888631419e23c2f40e176ed8ea7f7b6b0a7ae7521ca06ed6dc4cb53663bf9b7fdc888dc7aaaa

  • SSDEEP

    3072:FWGzQbmbkAqA2xH7VkKEn14IZVvisLur+K3:FWGiVNEn14IZVvisL43

  Score

  10^/10

  asyncratstormkittyxwormdefaultdiscoveryevasionexecutionpersistenceprivilege_escalationratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Detect Xworm Payload

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • UAC bypass

    evasiontrojan

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1