Extracted

• • Target

    f63455538c0972c9d71c491b22ba5c8a28c76403afe3305229b39e40d47ed060.vbs

  • Size

    1KB

  • MD5

    29bc1b08a6307d5c7b33c131481ddaee

  • SHA1

    d1fcf6b2339207250d917acc48f793d31dfec3ff

  • SHA256

    f63455538c0972c9d71c491b22ba5c8a28c76403afe3305229b39e40d47ed060

  • SHA512

    bd642a00ccb2237362e9b7b7a1ed7ee446b92f7d69a23f1c356be33933a542c0c7cf62ae5fe7f4ab95f7072a3055c2f45c6c012e89d46c4f337a5d0afff1f0b2

  Score

  10^/10

  executionasyncrat00000001discoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2