Extracted

Extracted

Extracted

• • Target

    test.txt

  • Size

    18B

  • MD5

    5b3f97d48c8751bd031b7ea53545bdb6

  • SHA1

    88be3374c62f23406ec83bb11279f8423bd3f88d

  • SHA256

    d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

  • SHA512

    ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

  Score

  10^/10

  asyncratauroraquasarseroxenv15.4.1 | venomvenom clientsadwaredefense_evasiondiscoverypersistenceprivilege_escalationratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Aurora family

    aurora

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Seroxen family

    seroxen

  • Seroxen, Ser0xen

    Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.

    trojanseroxen

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Async RAT payload

    rat

  • Blocklisted process makes network request

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Downloads MZ/PE file

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Indicator Removal: Clear Windows Event Logs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Drops desktop.ini file(s)

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Legitimate hosting services abused for malware hosting/C2

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1