Extracted

Extracted

• • Target

    sex.exe

  • Size

    6.1MB

  • MD5

    06a11d92b4c9034fde9061fce77b5dfb

  • SHA1

    6421a62fff6d51f57293b669b0083ed423566d80

  • SHA256

    0ff1f7a2f230eb0c641dc7951cba276cf76c678ac0c0af337360d5594eacaaf2

  • SHA512

    fa147a8047023094875b2e3305126a5de8c695e814320fd818ca2736d19fa08034528400b2d3afdbde981d1f49a06d532c32d3442c167ca23d610285e31e34e0

  • SSDEEP

    196608:WSkSIlLTUcwti7TQl2NgVg01MWAXAkuujCPX9YG9he5GnQCAJKN:nkSopwtQQl2aOtXADu8X9Y95GQLJ

  Score

  10^/10

  asyncratgurcudefaultcollectioncredential_accessdiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Gurcu family

    gurcu

  • Gurcu, WhiteSnake

    Gurcu aka WhiteSnake is a malware stealer written in C#.

    stealergurcu

  • Async RAT payload

    rat

  • Downloads MZ/PE file

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1