General
-
Target
9f18eca7a171f9632ac463d09d6e8dce
-
Size
333KB
-
Sample
220304-jw5gzsffbn
-
MD5
9f18eca7a171f9632ac463d09d6e8dce
-
SHA1
cc1412530b20bf95663c4efc49eb08387e689be6
-
SHA256
d897279f21d4e5e36d89eb1eba9dcf995855a076d1578c644ff1726fc11d3d8b
-
SHA512
d23e0d42469a38f20f570fab18f7bbe0dd874b8ad6f20fa65876f34ba28e02f0f52e26051b788536b44c0dc7b1cb1b166139d1df5fc9518fab2341a6ba6bb9ec
Static task
static1
Behavioral task
behavioral1
Sample
9f18eca7a171f9632ac463d09d6e8dce.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
9f18eca7a171f9632ac463d09d6e8dce.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
asyncrat
0.5.7B
2
212.193.30.54:9524
wyQ92!.,=FT72few
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
Target
9f18eca7a171f9632ac463d09d6e8dce
Score
10/10
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext