General
-
Target
fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607
-
Size
390KB
-
Sample
220502-nvw7fafaap
-
MD5
2777f662fe6d094fb8726aae2a6b39a6
-
SHA1
a643a95a7f45a612f45c4d398630b8b641b49bb7
-
SHA256
fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607
-
SHA512
d2974a64b8a780f099f5bc67d03a7d90a8824f01b12be7f3c1803c7b68772c2b1622b3864578d2fa4e636a1154ff22f1a1f821a2330bca5daa99591e962ab23e
Static task
static1
Behavioral task
behavioral1
Sample
fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607.exe
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
travazap.duckdns.org:4040
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Extracted
revengerat
NyanCatRevenge
travazap2.duckdns.org:2021
3ddc53446da
Targets
-
-
Target
fb657035d6a3fcee85cb88e47418bda8c453ac623aad138fc2aea94a258e6607
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Loads dropped DLL
-