Extracted

• • Target

    c7ac99bcc4da738591f52c91fd6ef86533a83a944e68be031c11f0484ed2f5bdN.exe

  • Size

    3.6MB

  • MD5

    ec6412e356b57c420abd26cccdb8c140

  • SHA1

    0f386e23c2a088a017cdf5aba237ff816265285a

  • SHA256

    c7ac99bcc4da738591f52c91fd6ef86533a83a944e68be031c11f0484ed2f5bd

  • SHA512

    9ea1acccbc13cbb2566eb97e39e7b40bf3b4b7f214122a72d941e4563de6eae244b6bb3c632d569254101aa8f12adf6ade2e068430a8b7e103b8113306cef1cb

  • SSDEEP

    98304:kkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13U:kkSIlLtzWAXAkuujCPX9YG9he5GnQCAB

  Score

  10^/10

  asyncratdefaultcollectiondiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Async RAT payload

    rat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2