Extracted

Extracted

• • Target

    Downloads.exe

  • Size

    1.6MB

  • MD5

    5b932b7539c1c070a3c4bcc36b17ee76

  • SHA1

    c97e12d44f6ba85e9f8de6c25c364ab70a583c41

  • SHA256

    33f30f4d6e8cd97f6bf5a1224dbcaf7927c0745ddb867174806bd56ed1963ac3

  • SHA512

    294f30708cc1f4f52300648fcc83e2de4a796434383c6121cf92fea2cbbdfe9746dcb7c23c64a907c78afe10a6ebb561ec81c84fa81e18dcdf8aff5d866f1dd2

  • SSDEEP

    24576:jngHKYfXTkXy0Z0UplrOlyyXEwlKhgoCY9X8jOlC3rocE/0sED5cHI:zgqKIXzr7OMoBlKRCgvA5P

  Score

  10^/10

  asyncratquasarumbraldefaultoffice04discoveryratspywarestealertrojan

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Detect Umbral payload

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • Async RAT payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  behavioral1behavioral2