General

Target: 8ff7fdedc9420387bcf059c5883770b0b4cb6828d1a593032fcc82cf73963d28
Size: 958KB
Sample: 220521-c1fwvshhcq
MD5: 2e2750cf2b5c646ab0f0528bf4eee5db
SHA1: 7c9b1ee1d21b2dca19efcd07156c48f6b95c9be1
SHA256: 8ff7fdedc9420387bcf059c5883770b0b4cb6828d1a593032fcc82cf73963d28
SHA512: a85c88169d5a913d62924f159f8877d8a17ef3e253260c07d6fa49e5315940ca1fbf80c2ae29b2237035063b66c37f7d4fd1defc0d3e15f3c894f44eb8c8855a

Static task: static1
Behavioral task: behavioral1
Sample: KR-310820.exe
Resource: win7-20220414-en

Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: newjob1
Mutex: AsyncMutex_6SI8OkPnk
- delay: 3 (seconds the client sleeps before starting)
- install: false (the client does not copy itself into install_folder, so no persistence is set up)
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/eeJq8Ku6 (the C2 host:port is fetched from this URL at runtime instead of being read from an embedded host list)

Targets

Target: KR-310820.exe
Size: 896KB
MD5: 685be020460aac060f121dd2d689cc2e
SHA1: eca95082e24b2d15c1cc9f18d8083b9527b23eae
SHA256: c2e6a6a4dcceeb65c2b769b92223c4b5c6de325709146391a4863dd56f4eb3d1
SHA512: c2d1330653a2a15d4a84ecaa003e4879bab4116d603a78d0e2adee92e8b0ea728ee284d7d59e73be083274637ce02df96c50ce6ee149d4b9dc4b00a43c93b055

Signatures
- Async RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2 (pastebin.com, per the pastebin_config value above)
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext (commonly used for process hollowing, i.e. injecting the payload into a suspended process and redirecting its main thread)
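The anti-analysis and geofence signatures above are all registry reads, so an analyst re-running the sample under Process Monitor can confirm exactly which keys it touched and what it saw. The script below is an added example, not part of this report or of the sandbox's own signature code: it filters a Procmon CSV export down to the sample's registry operations, matches them against the registry locations these signatures usually correspond to (an assumption, since the report names the checks rather than the keys), and summarises what the sample learned from each. The CSV rows are constructed for the example and include noise from another process and a non-registry operation that the filter must ignore.

```python
import csv
import io
import re
from collections import defaultdict

SAMPLE_PROCESS = "KR-310820.exe"

# Typical registry locations behind each signature in the report. The report
# names the checks, not the keys, so these paths are an assumption.
SIGNATURES = {
    "vbox_guest_additions": re.compile(
        r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Oracle\\VirtualBox Guest Additions", re.I),
    "vmware_tools": re.compile(
        r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?VMware, Inc\.\\VMware Tools", re.I),
    "bios_info": re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I),
    "geo_nation": re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation", re.I),
    "drive_map": re.compile(
        r"^HKLM\\SYSTEM\\(MountedDevices|CurrentControlSet\\Services\\Disk\\Enum)", re.I),
}

# Procmon puts the value read by RegQueryValue into the Detail column as "Data: ...".
DATA_RE = re.compile(r"Data:\s*(.*?)\s*$")

# Constructed Procmon CSV export (File > Save > CSV); not a real capture.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","KR-310820.exe","1337","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"10:01:02.2","KR-310820.exe","1337","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","SUCCESS","Desired Access: Read"
"10:01:02.3","KR-310820.exe","1337","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 24, Data: VMware, Inc."
"10:01:02.4","KR-310820.exe","1337","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.5","KR-310820.exe","1337","RegEnumKey","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum","SUCCESS","Index: 0, Name: 0"
"10:01:02.6","KR-310820.exe","1337","CreateFile","C:\Users\user\AppData\Roaming\KR-310820.exe","NAME NOT FOUND","Desired Access: Read"
"10:01:02.7","explorer.exe","1200","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName","SUCCESS","Type: REG_SZ, Length: 32, Data: VMware Virtual Platform"
'''


def registry_hits(csv_text, process_name=SAMPLE_PROCESS):
    """Map each signature name to the registry operations `process_name` performed on its keys."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only the sample's own Reg* operations are of interest.
        if row["Process Name"] != process_name or not row["Operation"].startswith("Reg"):
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(row["Path"]):
                data = DATA_RE.search(row["Detail"] or "")
                hits[name].append({
                    "op": row["Operation"],
                    "path": row["Path"],
                    "result": row["Result"],
                    "data": data.group(1) if data else None,
                })
    return dict(hits)


def verdict(hits):
    """Turn the hits into the analyst-facing conclusions the report's signatures imply."""
    notes = []
    for name in ("vbox_guest_additions", "vmware_tools"):
        for h in hits.get(name, []):
            # A key that opens with SUCCESS exists, so this particular VM check fires.
            found = h["result"] == "SUCCESS"
            notes.append(f"{name}: key {'present' if found else 'absent'}, "
                         f"VM {'detected' if found else 'not detected'} by this check")
    for h in hits.get("bios_info", []):
        if h["data"]:
            value_name = h["path"].rsplit("\\", 1)[-1]
            notes.append(f"bios_info: {value_name} = {h['data']!r}")
    for h in hits.get("geo_nation", []):
        if h["data"]:
            # Nation holds a Windows GeoID (244 is United States); a geofenced
            # sample compares this value before deciding whether to run.
            notes.append(f"geo_nation: GeoID {h['data']} read (geofence candidate)")
    if hits.get("drive_map"):
        notes.append("drive_map: disk enumeration (sandbox sizing check)")
    return notes


if __name__ == "__main__":
    for note in verdict(registry_hits(PROCMON_CSV)):
        print(note)
```

The useful output is not the match itself but the Result and Data columns: a NAME NOT FOUND on the VirtualBox key tells you that check passed, while a SUCCESS on the VMware Tools key or a BIOS manufacturer string of "VMware, Inc." tells you which artefact gave the analysis VM away and therefore which one to patch before the next run.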