General
- Target: a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979
- Size: 436KB
- Sample: 220225-lvn5qafge5
- MD5: 1795a964260c42f1891e4f8e64c9820d
- SHA1: de3db6e8b3862c64187f5b60f7979296c9cc43fc
- SHA256: 7b3e0e43e179268d70bc17c99e476c72c58e18ef0f4a301e155574524ae4249a
- SHA512: 74bd655cfffbc81b338ffa9e56a633d89af0e4fe7903024ed347dcb4e58af505369e69d57039bf2e170d0bd0b981c848adc43ab8258cc1764191495a4a7345cc
Static task: static1
Behavioral task: behavioral1
- Sample: a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979.exe
- Resource: win7-20220223-en
Behavioral task: behavioral2
- Sample: a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
asyncrat
0.5.7B
1
212.193.30.54:8755
gyQ12!.,=FD7trew
- anti_vm: false
- bsod: false
- delay: 3
- install: false
- install_folder: %AppData%
- pastebin_config: null
Targets
- Target: a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979
- Size: 668KB
- MD5: 1dfb8f4b408ad8a763e4655e90c07093
- SHA1: be332a245adcd81707dd3de6b60653e2f68a0256
- SHA256: a7999bf95618f2e2c37c5d0e805f8ff4fa44d2254e0ee0175df630f386a0c979
- SHA512: a7af9a29cc5942ca67473f0f25f919bd22b6510b8f9738121dbac2f248dcfdbadc086097c120e00bba3df1fd08f7881d54fa3ec0a3775a0ab01219aa5991f9df
Score: 10/10
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext