General
-
Target
4507e775950d04289ee8ec57ea4a2516d5220ea1e0383c4d061df45b8ac36410
-
Size
791KB
-
Sample
220630-vvbn3afdh4
-
MD5
1125ac7213c62c6ccb23b9b1621aa813
-
SHA1
05b7eb2d9872da2721eb650b014c4619d30a9dcc
-
SHA256
4507e775950d04289ee8ec57ea4a2516d5220ea1e0383c4d061df45b8ac36410
-
SHA512
c1e315623ee518462e751ebba6d1c09dabe583ec362b8782311fb4e84c0d72f4aac9648a47115f4be7c0d04a59d26dce47828f1a2348c12edabebf6bd122927b
Static task
static1
Behavioral task
behavioral1
Sample
4507e775950d04289ee8ec57ea4a2516d5220ea1e0383c4d061df45b8ac36410.exe
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
193.161.193.99:29069
193.161.193.99:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
4507e775950d04289ee8ec57ea4a2516d5220ea1e0383c4d061df45b8ac36410
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-