General
Target: 4f689ad2542e385c696d18df256e474e.exe
Size: 834KB
Sample: 220122-1argnsdbh6
MD5: 4f689ad2542e385c696d18df256e474e
SHA1: 719a2ff49e7f8d5ac4a7b0f7dc2256f8ed45a541
SHA256: e7e4f472ffb41d0c2678ceac5a5c236242d46a6c781cf8431b661a3493a05eae
SHA512: ae60db8a63c035b2ff322f705b05ce358cac980b4bae750f4a29b8bdee52d89a7bf8c84024add4aa4c65ef0cc71e5b03081b69095599648b430bfb8f1299fb35
Static task: static1
Behavioral task: behavioral1
Sample: 4f689ad2542e385c696d18df256e474e.exe
Resource: win7-en-20211208
Malware Config
Extracted
asyncrat
0.5.7B
Default
5.230.72.132:6606
5.230.72.132:7707
5.230.72.132:8808
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: 4f689ad2542e385c696d18df256e474e.exe
- Async RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext