Extracted

Extracted

• • Target

    Dropper.exe

  • Size

    18.0MB

  • MD5

    392b044ac8ee5751045a163b2d1a358f

  • SHA1

    56429e69619c0e69128732051db6e0e9bc40c18c

  • SHA256

    1001e70668789e08f7979484610e5246fa3c760142bc3ca8a55ce3da2301907a

  • SHA512

    2d0fd9963373132fde1d442d742efc95e8510f61325518aead420eeffb70e2a7566d95d3015ad930c4beddd2aa3d5b937b5711d0b0d09ee795eb6136aa26409b

  • SSDEEP

    393216:m9YidhKRmmb1TfHqO1UyXMCHWUjlVg74wdugWIPPVBFVVJo8W:m9Yidh0MyXMb8PDwduGPPVNV+8W

  Score

  10^/10

  asyncratxwormdefaultdiscoverypyinstallerrattrojancollectiondefense_evasionexecutionpersistenceprivilege_escalationspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Async RAT payload

    rat

  • Modifies Windows Firewall

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Clipboard Data

    Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    collection

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2