General
-
Target
eJOkxSjGrIAsync.js
-
Size
93KB
-
Sample
220627-pq62hsbbal
-
MD5
5f4cbf087832aeb798ab6b7bc6e7ca5f
-
SHA1
881ea13605e3286c0752d17eceb58685f50679ad
-
SHA256
b493208184fa838892417ca6066061856a0aa98c798573bc7a8dcc61327d81a9
-
SHA512
aedef885e00679103fb28fcc6d7f51fbd28c5686168f67dce9556976704493323764ef6318de97c77bc61d20d39ac828ba0d52dd982368e97c4cdc31eea7d207
Static task
static1
Behavioral task
behavioral1
Sample
eJOkxSjGrIAsync.js
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
104.168.33.53:6606
104.168.33.53:7707
104.168.33.53:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
eJOkxSjGrIAsync.js
-
Size
93KB
-
MD5
5f4cbf087832aeb798ab6b7bc6e7ca5f
-
SHA1
881ea13605e3286c0752d17eceb58685f50679ad
-
SHA256
b493208184fa838892417ca6066061856a0aa98c798573bc7a8dcc61327d81a9
-
SHA512
aedef885e00679103fb28fcc6d7f51fbd28c5686168f67dce9556976704493323764ef6318de97c77bc61d20d39ac828ba0d52dd982368e97c4cdc31eea7d207
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-