General
- Target: ECE421D721FC53F14B3CB3661BFD1A3FA803C3090C1DD.exe
- Size: 8.4MB
- Sample: 220629-vrfhvadbd4
- MD5: d5e7043535d59496db94c856f10b8d04
- SHA1: fb15aebccab94783a845a529d040f3ea0d960444
- SHA256: ece421d721fc53f14b3cb3661bfd1a3fa803c3090c1dd7428bb785fa0ba50201
- SHA512: 3890f0aa25e388904e463127e9aee692027578e00dc7ea196236faafb330c74d01c2ace546301eb3cae3b17372355b6f299913a9402fbf953c323c263bc0e43b
Static task: static1
Behavioral task: behavioral1
- Sample: ECE421D721FC53F14B3CB3661BFD1A3FA803C3090C1DD.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ECE421D721FC53F14B3CB3661BFD1A3FA803C3090C1DD.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.6D
Default
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
milla2.ddns.net:6606
milla2.ddns.net:7707
milla2.ddns.net:8808
nkxmiiutimapkt
- delay: 1
- install: true
- install_file: ccliner.exe
- install_folder: %AppData%
Targets
- Target: ECE421D721FC53F14B3CB3661BFD1A3FA803C3090C1DD.exe
- Size: 8.4MB
- MD5: d5e7043535d59496db94c856f10b8d04
- SHA1: fb15aebccab94783a845a529d040f3ea0d960444
- SHA256: ece421d721fc53f14b3cb3661bfd1a3fa803c3090c1dd7428bb785fa0ba50201
- SHA512: 3890f0aa25e388904e463127e9aee692027578e00dc7ea196236faafb330c74d01c2ace546301eb3cae3b17372355b6f299913a9402fbf953c323c263bc0e43b
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2