General
- Target: fddaeygXLjAsync.js
- Size: 119KB
- Sample: 220628-hkrw3sheb8
- MD5: 542b756dd96091a329ef2d11d08a6b3e
- SHA1: bebe6cb01c61932081119bcd8c4c35d4c75eabe8
- SHA256: 7c8b340626b6330e1a94c98a97b4de4778e996e1f65c4d7cf81f7c1605f66e7d
- SHA512: ebf79ee53d2c4edeb16bf842e11b91c45717a778de4334305d7276b7dd30718dfef2841a365e5ef8c86d911be7247187b40e2529568d080e3879d33d7342b0e6
- Static task: static1
- Behavioral task: behavioral1
- Sample: fddaeygXLjAsync.js
- Resource: win7-20220414-en
Malware Config
- Extracted: asyncrat 0.5.7B
- Default
  104.168.33.53:6606
  104.168.33.53:7707
  104.168.33.53:8808
  AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: fddaeygXLjAsync.js
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application