Extracted

• • Target

    3e18bdf74f3caef770a7edcf748bdaf0e6a4a21664e69.exe

  • Size

    1.1MB

  • MD5

    46441da6848047284fdd6a2dfa19b802

  • SHA1

    bbafc91be5b5c0a1248aac8e485aea1a7a4fa03c

  • SHA256

    3e18bdf74f3caef770a7edcf748bdaf0e6a4a21664e69bf765371529aa07db9f

  • SHA512

    dc409438ede1e2323f2cda5d80bd9653e69d2b2032f71f24c891b9eb8974c0a02862f69bac427040ba842f80816a926c0da9e14774e94aa94094e58e10988e09

  • SSDEEP

    24576:VGww9lBnPggHU8mVJvw6ZSYqF72ukygkw0+iAjuS0tdAgxYnGGq:4h08mTNZMF7t/rr60td2na

  Score

  10^/10

  discoveryasyncratdomainrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2