Extracted

• • Target

    lossless scaling.zip

  • Size

    5.5MB

  • MD5

    d2e4fa32c67e93a31f6b70959148d4bb

  • SHA1

    fe3ba3583e8fcd9aac038f7499f1afc92d7a42c1

  • SHA256

    2ccadf97d8ed69f4aeadda65e580d68467e3b181ab3ba85915e32ed426b2dc6d

  • SHA512

    8e49cca80e0dcd1564cd4fd721dd5c6ab9c86bc5ada0e808bf6dbe4ffbcf4164d599a92187e7164c3f4760aa5498666de3759b0d50e4abbb7c3c5885ea770a6b

  • SSDEEP

    98304:8B8hAA4A/lCXaiy+qHvDAjNXbV4lhCNQGZlJ6Be+4YQDJ3WG347BnRX9F7h/MhJG:8qyFpXaiy+qP0XJ4DIQI8BePYQV3TgZd

  Score

  10^/10

  asyncratdefaultdefense_evasiondiscoveryexecutionrattrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • UAC bypass

    defense_evasiontrojan

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2