General

Target: 899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84
Size: 385KB
Sample: 220523-zk5avabagn
MD5: 2a51a997488380da1de20ea4d0050be9
SHA1: 27e0c00423195325b5f38cc7060bc4060b520969
SHA256: 899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84
SHA512: 64cbb33704c4be470be12087a1bd76d4fa32d1b5814afa6afa1429ab574ed2cae7bcf5743cad1668be584271281028b81ca2a1f408555bf2ce5977a8d82d2086

Static task: static1
Behavioral task: behavioral1
Sample: 899add4d120b60a2dad900062baabfc70d6cbb616d9f4a784e850197f580fa84.exe
Resource: win7-20220414-en

Malware Config

Extracted:
asyncrat
0.5.6B
5
moveforme.ug:6970
xafsavxcfdgbdsfg.ru:6970
tralala
delay: 0
install: false
install_file: dllhost.exe
install_folder: %AppData%
Targets

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.

suricata: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses

Async RAT payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Suspicious use of SetThreadContext