General
Target: ea38cfcc0258377c4feedfc30ed0bbc1.exe
Size: 180KB
Sample: 220630-kk236abee4
MD5: ea38cfcc0258377c4feedfc30ed0bbc1
SHA1: 7b3bbfdffbfdaf8209d30f33c545b54abfd2816f
SHA256: 1b0a551577b66e5829eabfbdd99459b779d713a127812788ab96f90e08340e64
SHA512: 3920ac4956040655c0afac75d4030689ae367f324647c70e43a174938bed8a0ae993b417bb21d96a3ca31f631201b7fbfbbf6b89b37814815f51618d0e3928cc
Static task: static1
Behavioral task: behavioral1
  Sample: ea38cfcc0258377c4feedfc30ed0bbc1.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ea38cfcc0258377c4feedfc30ed0bbc1.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  asyncrat
  1.0.7
  Default
  62.197.136.195:3333
  DcRatMutex_qwqdanchun
  delay: 1
  install: true
  install_file: testversion.exe
  install_folder: %Temp%
Targets
Target: ea38cfcc0258377c4feedfc30ed0bbc1.exe
Size: 180KB
MD5: ea38cfcc0258377c4feedfc30ed0bbc1
SHA1: 7b3bbfdffbfdaf8209d30f33c545b54abfd2816f
SHA256: 1b0a551577b66e5829eabfbdd99459b779d713a127812788ab96f90e08340e64
SHA512: 3920ac4956040655c0afac75d4030689ae367f324647c70e43a174938bed8a0ae993b417bb21d96a3ca31f631201b7fbfbbf6b89b37814815f51618d0e3928cc
Score: 10/10
Modifies WinLogon for persistence
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
Async RAT payload
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Suspicious use of SetThreadContext