General
Target: 1092-58-0x00000000004B0000-0x00000000004C2000-memory.dmp
Size: 72KB
Sample: 220630-kq3a4sheam
MD5: 120076dce139888eedd986751a363b06
SHA1: c9eac0bb6dd3865603818f50b30f028ce4f93ff4
SHA256: c38fc24d76e652212ccf1e79d8f1435efe676596d8bd99b4224bca5449b6a62f
SHA512: 4cbf19cd348b93560289f102f359fc88d99042e552602fa14d83cdd7fafb9b55910ce75d11fd9f8921fa2697e1efcb77c90e5f33ff062eda794aa4921ef976d5
Behavioral task
behavioral1
Sample: 1092-58-0x00000000004B0000-0x00000000004C2000-memory.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: 62.197.136.195:3333
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: true
install_file: testversion.exe
install_folder: %Temp%
Targets
Target: 1092-58-0x00000000004B0000-0x00000000004C2000-memory.dmp
Size: 72KB
MD5: 120076dce139888eedd986751a363b06
SHA1: c9eac0bb6dd3865603818f50b30f028ce4f93ff4
SHA256: c38fc24d76e652212ccf1e79d8f1435efe676596d8bd99b4224bca5449b6a62f
SHA512: 4cbf19cd348b93560289f102f359fc88d99042e552602fa14d83cdd7fafb9b55910ce75d11fd9f8921fa2697e1efcb77c90e5f33ff062eda794aa4921ef976d5
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT)
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.