General
Target: d73a7c1afcc1074d86c01ac1ab22ae2309ba3747e07791428c62e9e0ded1750e
Size: 204KB
Sample: 220521-nc76zsgfbj
MD5: 729de4ba848cf094fc5422838a65552f
SHA1: 1e00094855bb4b740dc49b9d61c76b7a55b14973
SHA256: d73a7c1afcc1074d86c01ac1ab22ae2309ba3747e07791428c62e9e0ded1750e
SHA512: 8aad983cb7b0685dfe9973bcdf1798f15ea2aa62dcfa7cef4df4af16454cc8d236d2fc312cac7e5b800f163ec781d2e6485e67b7415c09533fde09d002694666
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: doc.exe
Resource: win7-20220414-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
Mutex: AsyncMutex_6SI8OkPnk

C2 hosts (each listed with ports 6606, 7707, 8808 and 8080):
- 127.0.0.1
- 88.198.101.62
- 88.198.101.59
- 203.186.44.219
The 127.0.0.1 entries are loopback and never produce external traffic; only the three routable hosts are usable for network detection.

Attributes:
- delay: 3
- install: false
- install_file: word.exe
- install_folder: %AppData%
Targets
Target: doc.exe
Size: 483KB
MD5: 5290763d68b81f1301717a3aafda9d69
SHA1: d2c437a9030674b37f9e80e19d583f2edee8d70a
SHA256: 1cd2c7b23c2504dc1e5a6fc7feb56402abd74c58075ef700b1316b83f6d2f0d4
SHA512: 4d6b3dc514af2ca074bd4836da126523d8b63e2c4495a9ead00b0c31365067c7d9365ae80ba71fe49ba78a9b2cf6e925695bf4ad79dcfc0cba4702b13b4ccaaa

Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext