Extracted

• • Target

    fd7a64d15e03608dceb95bc0912b39f9b94327b7ba8e6c989aa29205c3819184

  • Size

    1.0MB

  • MD5

    f7ff29ed9c4f2bf03a3ee92e71cc07a4

  • SHA1

    c6fbd7f4e8f4410b86d2bf5f59fcc0c3b9f1f41a

  • SHA256

    fd7a64d15e03608dceb95bc0912b39f9b94327b7ba8e6c989aa29205c3819184

  • SHA512

    a2bf2e20325916a465111ef6b868eaaf2af469ff7f8d7c39bccd6fc1baf4df1daed7dae43231bbfef0a27e85cb13f86df3be324bfbcc7f296001ac340e211d84

  • SSDEEP

    24576:okJt1G8kI9YvYgfSsjsUT5VvZB5noWoTpiPTtZFZBLT9wUK:930z6uDT5BLVoWoiPTtZFZBl

  Score

  10^/10

  discoveryasyncratzzzzdefaultenviophantomrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2