Extracted

• • Target

    9JFiKVm.exe

  • Size

    479KB

  • MD5

    25f00b7c2ff3ae44d849863c1e47b096

  • SHA1

    90203d582817c0b1e0778e53ab8ef63c2505d912

  • SHA256

    0a7602edc5309eb0683609f1e54bc11052e046b2b3f61f64397526fa935d7c6d

  • SHA512

    144af31085439aabccd2502e3999de5952e58b708ccc9b8254381caf74130bec801f67a55c06614814a311b3093cdc88ebddc63508557b2157c0b15f88f23a15

  • SSDEEP

    12288:7AJ0SiRi56OkEAmD5ZPfrzp+5ifMNVbVciqzSsEO:U0S496z8o6bciPst

  Score

  10^/10

  asyncratstormkittyvenomratdefaultdefense_evasiondiscoveryevasionexecutionratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Modifies Windows Defender DisableAntiSpyware settings

    evasiontrojan

  • Modifies Windows Defender Real-time Protection settings

    defense_evasiontrojan

  • StormKitty

    StormKitty is an open source info stealer written in C#.

    stealerstormkitty

  • StormKitty payload

  • Stormkitty family

    stormkitty

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • UAC bypass

    defense_evasiontrojan

  • VenomRAT

    Detects VenomRAT.

    rat

  • Venomrat family

    venomrat

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2