General

Target: 36b5e3120ffe3468078cb5aa1a55a9da.exe
Size: 502KB
Sample: 220705-qb3afsbda6
MD5: 36b5e3120ffe3468078cb5aa1a55a9da
SHA1: ea449fdeb6b5dc01c4f9cf503d2c7a5b66d5cc60
SHA256: d9837c768f392a3bb98836aedc39c89e1b0641f1b51949d744bfb1a128cb23aa
SHA512: e7e730e6b74ee4c9eec154908c991c26a548bb35e31b0e8e3cabd2e7457470ec967903060ceb74ec2e3727a2db16c378b43cad9b27eabcafc5d4a3062de700a3
Static task: static1
Behavioral task: behavioral1
Sample: 36b5e3120ffe3468078cb5aa1a55a9da.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 37.0.14.204:2022, 37.0.14.204:2019, 37.0.14.204:5631
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
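The extracted config above is the most actionable part of the report: three C2 endpoints on one host, a mutex name, and an install flag that is false (so the %AppData% install folder is a default the client will not use, and no copy of the binary should be expected there). The following Python is an added example for this page, not Tria.ge code and not part of the AsyncRAT project: it turns those values into a C2 endpoint set, emits one Suricata alert rule per endpoint (the rule template, message text and SID range are my own assumptions, not the ET rules the report matched), and runs the endpoint set over constructed Zeek-style connection log lines, separating exact host:port hits from traffic to the same IP on a port the config does not list.

```python
"""Detection artifacts from the AsyncRAT config in this report.

Added example, not the sandbox's or AsyncRAT's code. CONFIG copies the
values extracted in the report; SAMPLE_CONN_LOG is constructed for the
demonstration; the Suricata rule template and SID base are assumptions.
"""
import ipaddress

# Values as extracted in the report above.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "botnet": "Default",
    "c2": ["37.0.14.204:2022", "37.0.14.204:2019", "37.0.14.204:5631"],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,            # seconds the client sleeps before connecting (open-source client behaviour)
    "install": False,      # false: client does not copy itself to install_folder or persist
    "install_folder": "%AppData%",
}

# Constructed Zeek conn.log-style lines (whitespace-separated, '#' header).
SAMPLE_CONN_LOG = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1657020000.10 CAbc01 10.0.0.15 49712 37.0.14.204 2022 tcp
1657020003.40 CAbc02 10.0.0.15 49713 37.0.14.204 2019 tcp
1657020010.00 CAbc03 10.0.0.15 49714 142.250.74.46 443 tcp
1657020012.00 CAbc04 10.0.0.22 49800 37.0.14.204 8080 tcp
""".splitlines()


def parse_c2(entries):
    """Return a set of (ip, port) tuples; raise ValueError on a malformed entry."""
    out = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # rejects hostnames/garbage so a bad config cannot silently match nothing
        out.add((host, int(port)))
    return out


def suricata_rules(config, sid_base=9000000):
    """One alert rule per C2 endpoint. Template and SID range are assumptions."""
    rules = []
    for i, (ip, port) in enumerate(sorted(parse_c2(config["c2"]))):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{config["family"]} {config["version"]} C2 '
            f'botnet={config["botnet"]} {ip}:{port}"; '
            f'flow:established,to_server; classtype:trojan-activity; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


def match_connections(log_lines, config):
    """Scan 'ts uid orig_h orig_p resp_h resp_p proto' lines.

    'exact' holds uids whose destination equals a configured C2 endpoint;
    'ip_only' holds uids to a C2 IP on an unlisted port, reported separately
    so an analyst can decide whether to block the whole host.
    """
    c2 = parse_c2(config["c2"])
    c2_ips = {ip for ip, _ in c2}
    exact, ip_only = [], []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue
        _ts, uid, _src, _sport, dst, dport, _proto = line.split()[:7]
        if (dst, int(dport)) in c2:
            exact.append(uid)
        elif dst in c2_ips:
            ip_only.append(uid)
    return {"exact": exact, "ip_only": ip_only}


if __name__ == "__main__":
    for rule in suricata_rules(CONFIG):
        print(rule)
    print(match_connections(SAMPLE_CONN_LOG, CONFIG))
```

The mutex name is the host-side counterpart: with install=false the binary leaves no copy in %AppData%, so on a live host the mutex and the network endpoints are the indicators to check, not the install path.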
Targets

Target: 36b5e3120ffe3468078cb5aa1a55a9da.exe
Size: 502KB
MD5: 36b5e3120ffe3468078cb5aa1a55a9da
SHA1: ea449fdeb6b5dc01c4f9cf503d2c7a5b66d5cc60
SHA256: d9837c768f392a3bb98836aedc39c89e1b0641f1b51949d744bfb1a128cb23aa
SHA512: e7e730e6b74ee4c9eec154908c991c26a548bb35e31b0e8e3cabd2e7457470ec967903060ceb74ec2e3727a2db16c378b43cad9b27eabcafc5d4a3062de700a3
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext (an API typically associated with process hollowing or thread-context injection)