General
Target: mshta.exe
Size: 304KB
Sample: 220519-ch5ghahdd2
MD5: b28ddf547716c0cdee99d4e5f261704d
SHA1: cef47d43a0809616fbdb980b7864b4cef8ed2943
SHA256: 89aacd427f262a4a5b09af5c8abdeabc7f39a1d618a01a5a79074ebb62bb065e
SHA512: c78e8c4b9d871e3df72f7ecdad2a179225df6887adc9db63746bbbc6fd7ae1d3cfdd5dcbde039790bbc84193a9f5eb8516df716d614a88181b8253c5c188c24b
Static task: static1
Behavioral task: behavioral1
Sample: mshta.exe
Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
1.0.7
mshta
mshta
delay: 1
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/tefSYKAL
Targets
Target: mshta.exe
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2