General
Target: Transferencias Copiar.jar
Size: 287KB
Sample: 220701-lvgqmseab7
MD5: 513cc3544b4a0523218326b30e99b46b
SHA1: 0927ad5ab4a30014fe0125793729ca9f8a74d95a
SHA256: d021841d4a25bbe872ac7f71427e5731e441a9f6150f6ebb208c664d6ba48acd
SHA512: fe435151e2d374858426777b95c18fb5590ab745815a43e58ad6ae4d6c19610895750d6cebcfc7341cedf6b3ed78c46db06b8d2b74ba889618a54222326a7ecf
Static task: static1
Behavioral task: behavioral1
Sample: Transferencias Copiar.jar
Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
franmhort.duia.ro:8153
Mutex_6SI8OkPnk
delay: 3
install: true
install_file: win.exe
install_folder: %AppData%
Targets
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-