General
Target: f77b608a4c97894c9872e5a87182073f2f4bda255e2af6eb0304e0834b0c31bd
Size: 325KB
Sample: 220701-gs9lesgge5
MD5: 05036519b910018bab5cbafadb034684
SHA1: 779b7f6d3a0c836df19fdfe0c621fbee384b0548
SHA256: f77b608a4c97894c9872e5a87182073f2f4bda255e2af6eb0304e0834b0c31bd
SHA512: 96e1a5f54ef4c135722015441564baa8c06da76bb34e69acd686f0805db52755449959b90ffe595ccd2553fd5bd4953f6276de986e5abace37d7954573b5ef8a
Static task: static1
Behavioral task: behavioral1
- Sample: f77b608a4c97894c9872e5a87182073f2f4bda255e2af6eb0304e0834b0c31bd.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: f77b608a4c97894c9872e5a87182073f2f4bda255e2af6eb0304e0834b0c31bd.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.2
- C2: 31.17.132.37:8808
- C2: pksru.ddns.net:8808
- Mutex: hfgbhiguiruh4rxdsfsdfsdfsd
- delay: 0
- install: true
- install_file: Nackbilder.png.exe
- install_folder: %AppData%
Targets
Target: f77b608a4c97894c9872e5a87182073f2f4bda255e2af6eb0304e0834b0c31bd
Size: 325KB
MD5: 05036519b910018bab5cbafadb034684
SHA1: 779b7f6d3a0c836df19fdfe0c621fbee384b0548
SHA256: f77b608a4c97894c9872e5a87182073f2f4bda255e2af6eb0304e0834b0c31bd
SHA512: 96e1a5f54ef4c135722015441564baa8c06da76bb34e69acd686f0805db52755449959b90ffe595ccd2553fd5bd4953f6276de986e5abace37d7954573b5ef8a
Score: 10/10
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext