General
-
Target
wvCsXtVqSzAsyncClient.js
-
Size
133KB
-
Sample
220705-frd8fsebfm
-
MD5
21cc92af5a4d7e7014b5293923a1d710
-
SHA1
c3c9bcb079dd1b9115f99a89aa4269023da3c980
-
SHA256
d0de97d9f6773d634fe90c11579b13411bd07dbdb5faa9644f5edaba12d97856
-
SHA512
d2bf085069d4467f101dfa35c926a5403d8a25f1ce15a849a9a7d4d522aec9e4360b5814b06d9270b4d1cbf718a43f309cadbeeb8a84e78e6cb7567d28f61996
Static task
static1
Behavioral task
behavioral1
Sample
wvCsXtVqSzAsyncClient.js
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
104.168.33.32:6606
37.120.212.235:6606
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
wvCsXtVqSzAsyncClient.js
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-