Extracted

• • Target

    Q38640AVIODIRECTS.A.vbssss

  • Size

    763B

  • MD5

    d7c09fc37c89eacbab1fe3af84ed2b95

  • SHA1

    e970ba8fd92b2041c0ed6946f0558dc6ef5ee2ae

  • SHA256

    2f237f87b7a27b0507d041c9fdcf4c65e56914579c5be8aa55079804ab5f4f57

  • SHA512

    26183d29dc1c59423210fbb48ed0cb096e20e28115e347a3bac3a1765aff747fa922535e05644ac29ee5f515b8789cf3183cf227b4051612516e01c1e3932d51

  Score

  10^/10

  executionasyncratdefaultdiscoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2