General
-
Target
0x0009000000008527-56.dat
-
Size
64KB
-
Sample
220704-wqvf2saegn
-
MD5
c75c0d8d46633692c979eb6fbd26094e
-
SHA1
b3945681b32a90f00ef2fd2af2eb4f5d4208c75d
-
SHA256
bbd275db0ec38e99c088654b042b682c428ba644969ef08f1d9657052f9b1393
-
SHA512
5d4ecd6c3fee2cf25cdfc4c6abbb389b261016b805ab1f6c4f0918143df6b02f0647d6ba87b1169ef0040ea9afd0dd22ce2612e2600b48e6dd9ffd7be99a1067
Static task
static1
Behavioral task
behavioral1
Sample
0x0009000000008527-56.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0x0009000000008527-56.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
asyncrat
true
Linkvertise A
RRAT_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
Explorer.exe
Targets
-
-
Target
0x0009000000008527-56.dat
-
Size
64KB
-
MD5
c75c0d8d46633692c979eb6fbd26094e
-
SHA1
b3945681b32a90f00ef2fd2af2eb4f5d4208c75d
-
SHA256
bbd275db0ec38e99c088654b042b682c428ba644969ef08f1d9657052f9b1393
-
SHA512
5d4ecd6c3fee2cf25cdfc4c6abbb389b261016b805ab1f6c4f0918143df6b02f0647d6ba87b1169ef0040ea9afd0dd22ce2612e2600b48e6dd9ffd7be99a1067
Score10/10-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-