Extracted

• • Target

    683f0e829eeb0860f19ac325bb399d4bb4837d9c011ac018fee6118490a1666c.exe

  • Size

    17.1MB

  • MD5

    4ba81cd6a16ffd3bf5e0e7338df60a5f

  • SHA1

    e92ec4e696661c50d2ccbe05e44d19c413f58d18

  • SHA256

    683f0e829eeb0860f19ac325bb399d4bb4837d9c011ac018fee6118490a1666c

  • SHA512

    3113b8c8eb65a3a927c10762d24fd871fa9ca29df2f5121272b6a8e46ec48a8cd1b6957ebfa4bc70084e68f14cf7eeb5f676c7d65672fe0aa0a4865a78c1c26c

  • SSDEEP

    393216:/Fj0IBCLzNxfYrp0ei6EMF9AFulgy8k7JaajjfHnDY5Su:/FXBmNOrpHi6E0Uk7wSnk

  Score

  10^/10

  defense_evasiondiscoverypersistenceprivilege_escalationasyncratvenomratdefaultexecutionrat

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • VenomRAT

    Detects VenomRAT.

    rat

  • Venomrat family

    venomrat

  • Async RAT payload

    rat

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Network Service Discovery

    Attempt to gather information on host's network.

    discovery

  • Drops file in System32 directory

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2