Extracted

• • Target

    RAD. N° 026487303 ACCIÓN JUDICIAL EN CURSO..vbs

  • Size

    326KB

  • MD5

    d83345b5c7d4e155a8e57631994bc7d4

  • SHA1

    d042ea6d57b57b1cad8b3e255284c9b86a392929

  • SHA256

    2d3263fdf0f73852319cdaed3604d12ee40b972f47562bfad30c1a1bb3a47787

  • SHA512

    bb14b26eb8bf8632660f661293424076bf560f591de305b2a7dba18bc7f3e9592357dbd161472b248e0de4a238fe4bf8a121217520c29e192e5654e5cca4bc9f

  • SSDEEP

    3072:VXLVmI3b0mgfmWu+ze9VOv5iG5sVhQ30Wk+70wgA11:VXLVAe9VOvp

  Score

  10^/10

  executionasyncratdefaultdiscoveryrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2