General
- Target: 51b86accf873af86f4624d4a08daf3b8
- Size: 571KB
- Sample: 220629-kfxb4shgf3
- MD5: 51b86accf873af86f4624d4a08daf3b8
- SHA1: 972a57975c6938bf9689b92e020b9b223564953d
- SHA256: a92032e28b54316256dd146c38b9dfa16fac5824b17c255722591e3ba6c90e68
- SHA512: 130cb5c0637e41d57cfa2777481e732a638c291aa0e5323f4a216710425e5c170283252acbf01e49aab35575fd77adbdf0d57f16f4a077c8033ecd2724dbca07
Static task: static1
Behavioral task: behavioral1
- Sample: 51b86accf873af86f4624d4a08daf3b8.exe
- Resource: win7-20220414-en
Malware Config
Extracted: asyncrat
- 0.5.7B
- Default
- 23.105.131.209:19328
- 23.105.131.209:1137
- 23.105.131.209:1070
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: 51b86accf873af86f4624d4a08daf3b8
- Size: 571KB
- MD5: 51b86accf873af86f4624d4a08daf3b8
- SHA1: 972a57975c6938bf9689b92e020b9b223564953d
- SHA256: a92032e28b54316256dd146c38b9dfa16fac5824b17c255722591e3ba6c90e68
- SHA512: 130cb5c0637e41d57cfa2777481e732a638c291aa0e5323f4a216710425e5c170283252acbf01e49aab35575fd77adbdf0d57f16f4a077c8033ecd2724dbca07
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext