General
-
Target
gZHoNqzhnkAsyncnew.js
-
Size
119KB
-
Sample
220628-jttbyagabm
-
MD5
2d39df9576b5fb59ddecd387e7bc82e6
-
SHA1
c80b2f2e610a61cf0ce7c71b8b52b7835b79581b
-
SHA256
4cddaf9878b629c5ecbdf268464cae85d5f1b49597714d48f0206a831f1d086e
-
SHA512
1fea7a53d13169aebd4d2430d89f363b0f234cf356a10637e7268f35f678387b4a9f9c3ab7adc84efcf640d973257e0e34baba34e9931f32fb5d935be1c28b37
Static task
static1
Behavioral task
behavioral1
Sample
gZHoNqzhnkAsyncnew.js
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
104.168.33.53:6606
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
gZHoNqzhnkAsyncnew.js
-
Size
119KB
-
MD5
2d39df9576b5fb59ddecd387e7bc82e6
-
SHA1
c80b2f2e610a61cf0ce7c71b8b52b7835b79581b
-
SHA256
4cddaf9878b629c5ecbdf268464cae85d5f1b49597714d48f0206a831f1d086e
-
SHA512
1fea7a53d13169aebd4d2430d89f363b0f234cf356a10637e7268f35f678387b4a9f9c3ab7adc84efcf640d973257e0e34baba34e9931f32fb5d935be1c28b37
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-