Extracted

• • Target

    0842370177abe09ebf9df068a902969bef897b1ca6d3e691493f35fddea6021cN.exe

  • Size

    2.3MB

  • MD5

    8b6a57a8a3855b86a441a639a752ba00

  • SHA1

    0d17b1246374b7932f011c98c4fbb0f2a4f5efdf

  • SHA256

    0842370177abe09ebf9df068a902969bef897b1ca6d3e691493f35fddea6021c

  • SHA512

    4fbcfecfad061142789f1195eeff4a927184abaca6d26155ea9ff428c08e1557a34181f19b8313e46b273e99a4ff97b268c85252f1a0911bb71d450cf7f83738

  • SSDEEP

    49152:QhU1VeVUW8Ia/cGlnFQh+iSehfxmumKNRh2VSvuPC1YHsDWMHGVa526:weCa/BFKd3g4b20vpWMKir

  Score

  10^/10

  discoveryasyncratvenomratdefaultexecutionrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • VenomRAT

    Detects VenomRAT.

    rat

  • Venomrat family

    venomrat

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2