General
  Target: bc0c6f07b05e4c29bae36fedd9e58e1cd0148d777a68d50ec5104567d9e3ce43
  Size: 268KB
  Sample: 220212-lqy45acdcq
  MD5: cbad7cf8227cbce947d387ffe948afc8
  SHA1: 09a7a7b0ea83d15caef4b8bb58425c96a8dab7e2
  SHA256: 9bb04d78c662b9a3f17b65ab0e84df9fc740e08bfb0db9d6b8778b3defa9381d
  SHA512: 4c648683813ad6a57aaf7cbdea6a55967e8599605535ca995171df2cb8208d859a5ecaccc14f37280bc34784b195cc4596bac5f0698db49e531d3f6743e36611
Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: bc0c6f07b05e4c29bae36fedd9e58e1cd0148d777a68d50ec5104567d9e3ce43.exe
    Resource: win7-en-20211208
  Behavioral task: behavioral2
    Sample: bc0c6f07b05e4c29bae36fedd9e58e1cd0148d777a68d50ec5104567d9e3ce43.exe
    Resource: win10v2004-en-20220112
Malware Config
  Extracted: asyncrat
    0.5.7B
    1
    212.193.30.54:8754
    gyQ12!.,=FDpsdf2_@
  anti_vm: false
  bsod: false
  delay: 3
  install: false
  install_folder: %AppData%
  pastebin_config: null
Targets
  Target: bc0c6f07b05e4c29bae36fedd9e58e1cd0148d777a68d50ec5104567d9e3ce43
  Size: 309KB
  MD5: 5cdfcd6d591946dec15cec637f7826e6
  SHA1: 7959aeda9d64e19b9eeed15003c49a0c62eadf45
  SHA256: bc0c6f07b05e4c29bae36fedd9e58e1cd0148d777a68d50ec5104567d9e3ce43
  SHA512: e8a3363aaaecc5902aa93b4754d24e03c86cabe4132f6aa0111c8b575fcfa5b0e1ff7127279f0808f83c01547e043efffe628207272d1d61aa8697c926ac194b
  Score: 10/10
  Signatures:
    Async RAT payload
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    Adds Run key to start application
    Suspicious use of SetThreadContext