Extracted

• • Target

    Infected.exe

  • Size

    63KB

  • MD5

    4283bcbe5bea251f8568efc572d431dd

  • SHA1

    dee1cb4e0519ebcf092161ff125902aca428a4f1

  • SHA256

    cfcc492a4c21493b0a1ca52ed0a0552f3388dabb40bfa1db94061269fe3afa4f

  • SHA512

    2270742d31151236ff0a80b9a371a63bfe6bac8e8622a498324c9956711e31292ec61b95714a9f91f5dd9178eb1c22d43a82a7a81e8e0675a4b8bfee1e1296b4

  • SSDEEP

    768:iqWcYBjjj78ZIC8A+X0iazcBRL5JTk1+T4KSBGHmDbD/ph0oXhpwq5vNlSuwdpqM:MZjLXdSJYUbdh9/DvKuwdpqKmY7

  Score

  10^/10

  asyncratstealeriumdefaultcollectiondiscoverypersistenceprivilege_escalationratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Stealerium family

    stealerium

  • Async RAT payload

    rat

  • Grants admin privileges

    Uses net.exe to modify the user's privileges.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Network Service Discovery

    Attempt to gather information on host's network.

    discovery

  • Enumerates processes with tasklist

    discovery
  behavioral1