General
Target: d7490b3cd8d992172d83744289079ff4.exe
Size: 1.0MB
Sample: 220129-k57t5shack
MD5: d7490b3cd8d992172d83744289079ff4
SHA1: 8b14577b75be2e2546e090287167b0017a2ac000
SHA256: cbde068b97a9081568dea732d561f26c52946ebbadf260c2305b46f369b20c9d
SHA512: 3ac675b5a7cc377b859d9619785fa9e5f834246b4ae1c77e5f3ac95bc8907b6480181da5d58753fa844e78b6391ba64ff51285ebb9f601fc2b18d410a8bfb7bd
Static task: static1
Behavioral task: behavioral1
Sample: d7490b3cd8d992172d83744289079ff4.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 20.98.96.97:1605
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
  anti_vm: false
  bsod: false
  delay: 3
  install: false
  install_folder: %AppData%
  pastebin_config: null
Targets
Target: d7490b3cd8d992172d83744289079ff4.exe
Size: 1.0MB
MD5: d7490b3cd8d992172d83744289079ff4
SHA1: 8b14577b75be2e2546e090287167b0017a2ac000
SHA256: cbde068b97a9081568dea732d561f26c52946ebbadf260c2305b46f369b20c9d
SHA512: 3ac675b5a7cc377b859d9619785fa9e5f834246b4ae1c77e5f3ac95bc8907b6480181da5d58753fa844e78b6391ba64ff51285ebb9f601fc2b18d410a8bfb7bd
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Suspicious use of SetThreadContext