General

  • Target

    Infected.exe

  • Size

    63KB

  • Sample

    250403-znd8tswn17

  • MD5

    8eecb122a1a79dcf2b800e7d9c9bb1a4

  • SHA1

    4097a285a4ef1311137d6789e081fbb63849e595

  • SHA256

    85716564e84fd6d1ea7ad2b54732afece9598a878703232f00031ffcdc06b694

  • SHA512

    967da10e79123359c6782dbb4da961ffd2e575da52888b3772a07e3e584fe9e80807b6cd48b458f08f9e40695e62c108ed0dc610b8021202311803ae6e56a2a8

  • SSDEEP

    768:Qv7M2nr/978dQC8A+XjlazcBRL5JTk1+T4KSBGHmDbD/ph0oXEcguVe3i7sSu0dP:M5/V/dSJYUbdh9yUNru0dpqKmY7

Malware Config

Extracted

Family

asyncrat

Botnet

Default

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/wXYjM7Vm

aes.plain

Targets

    • Target

      Infected.exe

    • Size

      63KB

    • MD5

      8eecb122a1a79dcf2b800e7d9c9bb1a4

    • SHA1

      4097a285a4ef1311137d6789e081fbb63849e595

    • SHA256

      85716564e84fd6d1ea7ad2b54732afece9598a878703232f00031ffcdc06b694

    • SHA512

      967da10e79123359c6782dbb4da961ffd2e575da52888b3772a07e3e584fe9e80807b6cd48b458f08f9e40695e62c108ed0dc610b8021202311803ae6e56a2a8

    • SSDEEP

      768:Qv7M2nr/978dQC8A+XjlazcBRL5JTk1+T4KSBGHmDbD/ph0oXEcguVe3i7sSu0dP:M5/V/dSJYUbdh9yUNru0dpqKmY7

    • AsyncRat

      AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

    • Asyncrat family

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Stealerium family

    • Renames multiple (1278) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15