General

Target: 1698db183216accc635a1495991ba96f.exe
Size: 500KB
Sample: 220120-y8ejnabee4
MD5: 1698db183216accc635a1495991ba96f
SHA1: ea0332707c2e008dacd1023fcc201850f972f387
SHA256: 74d6ce17a5ef1abd3c1c2bf8b9cc472bc8f3816299a06498cc7266c8f479beae
SHA512: 3bb9e69ad94fb083530b91b24c20c2ae45e5d41333a305c3e43cbcabc44ef92232509501ad915cd5a77bc06940f5a2ad8e5f6da45b13c379392823429ff04687
Static task: static1

Behavioral task: behavioral1
Sample: 1698db183216accc635a1495991ba96f.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 1698db183216accc635a1495991ba96f.exe
Resource: win10v2004-en-20220112
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: digi
Mutex: AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets

Target: 1698db183216accc635a1495991ba96f.exe
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Async RAT payload
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext