General
Target: db73de377b65213640e910db6f18f33f
Size: 671KB
Sample: 220224-xm3hxsdec6
MD5: db73de377b65213640e910db6f18f33f
SHA1: b5d30bcb05b536b7736be7c49502a39c24281f82
SHA256: ddb0822b3ff456aa4d91bf7356b01193a63b0e333d1a4c281e7b7c18733b8fd8
SHA512: 51a6535256262071ea520cceba1c84c395b23cb630b5c97f881205c6bec34bd4b3e06ff2ec3d80932d3194b22f63fc84b08e22adaa7f6639661e7643a9950c05
Static task: static1
Behavioral task: behavioral1
  Sample: db73de377b65213640e910db6f18f33f.exe
  Resource: win7-20220223-en
Behavioral task: behavioral2
  Sample: db73de377b65213640e910db6f18f33f.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: db73de377b65213640e910db6f18f33f
Size: 671KB
MD5: db73de377b65213640e910db6f18f33f
SHA1: b5d30bcb05b536b7736be7c49502a39c24281f82
SHA256: ddb0822b3ff456aa4d91bf7356b01193a63b0e333d1a4c281e7b7c18733b8fd8
SHA512: 51a6535256262071ea520cceba1c84c395b23cb630b5c97f881205c6bec34bd4b3e06ff2ec3d80932d3194b22f63fc84b08e22adaa7f6639661e7643a9950c05
Score: 10/10
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext