General
- Target: 0x0008000000014148-59.dat
- Size: 45KB
- Sample: 220629-j1n1sshfd7
- MD5: cbdce3b5e2939fe92312004dcb31151f
- SHA1: 6f11f275c611decd4659f23a4593103f327806a6
- SHA256: 6ccc49875c2d837f462c4c3bd81f80b3be93f8435e8a22e042b5db025a31a6e3
- SHA512: 6240f21957016db0607987c81b110e78640d20eeba2dc0274cf6e6741cfd7924ca3b42325405e620f423157c34f355f188dbf60de96421e87f0d53e271fcc2c8
Behavioral task: behavioral1
- Sample: 0x0008000000014148-59.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: franmhort.duia.ro:8153
- Mutex: Mutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: win.exe
- install_folder: %AppData%
Targets
- Target: 0x0008000000014148-59.dat
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL