Extracted

• • Target

    RoundTripItinerarydetails.vbs

  • Size

    780B

  • MD5

    44a1dc576cca328a09abc1747cfc6984

  • SHA1

    30edd4c5e409ed9702b2ae4a5d16c07dde4e873c

  • SHA256

    dac02b322f310cdaa789470be4bbf41fa842781a8010c06aaa346f1e87f96b72

  • SHA512

    af3d479790b667aeb268c5304f2490c8d17c669de48ecb5222c9c6c900f3c289417878af5fd5faca16bb543ae5097ae2073f10d5ea80138ff82aaa246b23e534

  Score

  10^/10

  executionasyncratsafemodediscoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2