General

  • Target

    youtube_gh9lfOdCjAA_audio (2) (4).mp3

  • Size

    579KB

  • Sample

    250105-zr7pjsxrbj

  • MD5

    36e09440b78e3d3eb2030ab6afcb0e61

  • SHA1

    b6fa8f88c98ef55cf5977643b313f27c954fd2ed

  • SHA256

    a3c5117ed4b12ed1a1752fdc2cf01f7f10a5b305e77a1db0dde061c6df45477e

  • SHA512

    dc65a17daa7a8064e8d529f03ee228b292e6a632536d5a34e286df0a7d470eace66cab24717398cf0c125bee2ea48aa29e746648e4c75a4f6113c52eea448872

  • SSDEEP

    12288:OGgmVUJGKsaCMuKloXcmcExRH3FbezoJXK3eRsAr0c2PeJqDG3aydRbMv:O5oMDlGcmcExRH3FbeyXKOdpENqbU

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

C2

51.89.44.68:8848

Mutex

etb3t1tr5n

Attributes

  • delay

    1

  • install

    true

  • install_file

    svchost.exe

  • install_folder

    %Temp%

aes.plain

Extracted

Family

gurcu

C2

https://api.telegram.org/bot8065477619:AAEfZZh5RQYjgwBQfdZNz5uE7aPGDyhIu-8/getM

https://api.telegram.org/bot8065477619:AAEfZZh5RQYjgwBQfdZNz5uE7aPGDyhIu-8/sendMessage?chat_id=6487722506

https://api.telegram.org/bot8065477619:AAEfZZh5RQYjgwBQfdZNz5uE7aPGDyhIu-8/editMessageText?chat_id=6487722506

Targets

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Gurcu family

    • Gurcu, WhiteSnake

      Gurcu aka WhiteSnake is a malware stealer written in C#.

    • Async RAT payload

    • Downloads MZ/PE file

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks