General
Target: ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899
Size: 535KB
Sample: 220521-xkc59afbgm
MD5: a08f53208b0832720dc057d5b2d17e97
SHA1: fe2ef8a2d445b410fa67a681285a3eab290ad295
SHA256: ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899
SHA512: b349117988ebb5f4f6963697cb00c1a02f18f5b5d288ba84d8429e7cb63ca145ee157d0b6c40728da2dda59611c240884c76e01252aff368fca30ceb5455f6c2
Static task: static1
Behavioral task: behavioral1
Sample: ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
SLAVES MONDAY
194.5.98.81:3434
AsyncMutex_6363f86fs6fw6f
delay: 3
install: false
install_folder: %AppData%
Targets
Target: ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899
Score: 10/10
Async RAT payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL