General
Target: A4A60422374845BF0ABD892DD48D352978D697C883196.exe
Size: 701KB
Sample: 220701-2fx23sbdbj
MD5: 1bd98c5b4581aeff9b65ce5653f49cdf
SHA1: 3091d81da54ed79391b456e8e94e6b939be2a316
SHA256: a4a60422374845bf0abd892dd48d352978d697c883196392e0d692f70f0e85c1
SHA512: f1462a6d7cfc813cd2ba05d6ccac9656b76ef4ea7418992d1b3b1acdbd779d7b2ab016322f30264c123fea92114a481c1400dc965964731c86974b98922486cc
Static task: static1
Behavioral task: behavioral1
Sample: A4A60422374845BF0ABD892DD48D352978D697C883196.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: A4A60422374845BF0ABD892DD48D352978D697C883196.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.6D
Default
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
ncwfisdaribhhybik
delay: 10
install: true
install_file: syastem.exe
install_folder: %AppData%
Targets
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-