General
-
Target
af1c3dd3dc0c3a7e1b4d829f79077e41e17ce8f95cbdcfef7cc7bc0e5b18c7d8
-
Size
32KB
-
Sample
220218-nc6yxsdcfl
-
MD5
cc1b6971441d2ec84c14247d4f014912
-
SHA1
a786dcb3bffe527a6954d3c242138d34707e21d3
-
SHA256
af1c3dd3dc0c3a7e1b4d829f79077e41e17ce8f95cbdcfef7cc7bc0e5b18c7d8
-
SHA512
a91cf7ebd024a5431ee8e2202740809fb6dace5d4965be107b6f83bbed34f21bde21d45a79e08401791cd204db8d9c23b00d791f8bc5714a6e33022f8aada77b
Static task
static1
Behavioral task
behavioral1
Sample
af1c3dd3dc0c3a7e1b4d829f79077e41e17ce8f95cbdcfef7cc7bc0e5b18c7d8.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
-
Target
af1c3dd3dc0c3a7e1b4d829f79077e41e17ce8f95cbdcfef7cc7bc0e5b18c7d8
-
Size
32KB
-
MD5
cc1b6971441d2ec84c14247d4f014912
-
SHA1
a786dcb3bffe527a6954d3c242138d34707e21d3
-
SHA256
af1c3dd3dc0c3a7e1b4d829f79077e41e17ce8f95cbdcfef7cc7bc0e5b18c7d8
-
SHA512
a91cf7ebd024a5431ee8e2202740809fb6dace5d4965be107b6f83bbed34f21bde21d45a79e08401791cd204db8d9c23b00d791f8bc5714a6e33022f8aada77b
Score10/10-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-