Extracted

• • Target

    Infected.exe

  • Size

    63KB

  • MD5

    f9caeabd873c3735af9b6bf7118d4955

  • SHA1

    ce94b174c93e8716d5ea69cdffd8f83cc138c1cd

  • SHA256

    3ec778942e2d803125fa551096a19a7f1e3cf0a9f513aa6633c96dd584dfe204

  • SHA512

    12fdaa215362ef00d8258d3764d6bf0fe58241034f468d072fd748ac04cbc5df0c6fe5090ed1cdd7112af334ce47e9c881896c92761c7a3d5f12c0a2fc5b3dbc

  • SSDEEP

    768:UURIVdHlA78rAC8A+XQaazcBRL5JTk1+T4KSBGHmDbD/ph0oXs0efLm3SuodpqKX:fwlgLdSJYUbdh9sxKiuodpqKmY7

  Score

  10^/10

  asyncratdefaultratstealeriumcollectiondiscoverypersistenceprivilege_escalationspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium

  • Stealerium family

    stealerium

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  behavioral1behavioral2