Extracted

• • Target

    74e02a922753dfedb02f3935bc7c0580c27abf56332d5e5bf5c82d4a1a30fb03.ps1

  • Size

    463KB

  • MD5

    ecea62fc04e5c336d1552a0f6334c1a9

  • SHA1

    968c6608c5e5bb5c3bd47b8f02e432b5138d6511

  • SHA256

    74e02a922753dfedb02f3935bc7c0580c27abf56332d5e5bf5c82d4a1a30fb03

  • SHA512

    71c048b488e7a13bb4100a3d3466acaebc4782893a5e1479e43206ed7a09b07a79119e320ca0bf21a1dc43ef09579f77ce0b0de9f37c54ea76365dcf51607fb3

  • SSDEEP

    12288:y1SyZpgmE+NPVFL2bUCUrNlKomLJVlCzhPbw:y1SywmE+NPVFL2bUCUrNlKomLJVlCzhM

  Score

  10^/10

  executionasyncrat00000001discoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2