Extracted

Extracted

• • Target

    vFZVFC5L

  • Size

    2KB

  • MD5

    5992764c3310bcaf002862106251528d

  • SHA1

    07e7475f2903ccf4e5bd59765b31139917da53ac

  • SHA256

    1da9aa30170a4cba913980d52b93da67cd0fe7e0eee9c22555a234b1ef0531c4

  • SHA512

    ad304cd9e1e84b45bbf39cbb91964eb98d3e66cd523f10284a8cdf52cfa9ad6e384ba4d582517220266414aac468a5037f22e62b4aee343811c605cef25d51ed

  Score

  10^/10

  asyncratgurcudefaultcollectiondiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Gurcu family

    gurcu

  • Gurcu, WhiteSnake

    Gurcu aka WhiteSnake is a malware stealer written in C#.

    stealergurcu

  • Async RAT payload

    rat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1