General
Target: P.O#07072022.exe
Size: 607KB
Sample: 220707-fa4f1sfdb3
MD5: 9b24112df18f585a70270a72b564125f
SHA1: e51d61eef365ba0095267e5806743625c2291baf
SHA256: 724b0ad46f22cbce63245e2e819e244e606e5081bd4cad054523a2c5fefd6cc3
SHA512: 1abb3a7a98df0b2a850f46d14de42e961da19699d68e06d1d0417b0695b71b9d0b790e25664c48451d2a52bc11a494c7e8b4b8da887d0e9f7cc8311a8f5c5d4a
Static task: static1
Behavioral task: behavioral1
Sample: P.O#07072022.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: vivald21.hopto.org:25256
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
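The extracted config is the most useful part of this report for a responder: a C2 host and port to block and hunt for, the mutex name the RAT creates to stay single-instance on a host, and install flags that say whether a persistence copy in the install folder is expected (install false means it is not). The Python below is an added example, not part of this sandbox report and not AsyncRAT's own code: it parses the config block in the positional order the extractor prints it (family, version, botnet id, host:port lines, mutex, then key/value pairs), turns it into host and network indicators, and re-verifies a file's MD5/SHA-1/SHA-256/SHA-512 against the hashes printed on this page. The config and hash strings are copied from the report; the sample binary itself is not reproduced, so the digest functions are exercised on a constructed stand-in input.

```python
"""Triage helpers for the AsyncRAT config and hashes shown in this report."""
import hashlib
import re
from dataclasses import dataclass

# Constructed inline from the values printed in the report (positional
# layout as emitted by the config extractor); not a dump of the sample.
REPORT_CONFIG = """\
asyncrat
0.5.7B
Default
vivald21.hopto.org:25256
AsyncMutex_6SI8OkPnk
delay
3
install
false
install_folder
%AppData%
"""

# Hash set copied from the report's General section.
REPORT_HASHES = {
    "md5": "9b24112df18f585a70270a72b564125f",
    "sha1": "e51d61eef365ba0095267e5806743625c2291baf",
    "sha256": "724b0ad46f22cbce63245e2e819e244e606e5081bd4cad054523a2c5fefd6cc3",
    "sha512": "1abb3a7a98df0b2a850f46d14de42e961da19699d68e06d1d0417b0695b71b9d"
              "0b790e25664c48451d2a52bc11a494c7e8b4b8da887d0e9f7cc8311a8f5c5d4a",
}

C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")
KEYS = ("delay", "install", "install_folder")


@dataclass
class AsyncRatConfig:
    family: str
    version: str
    botnet: str
    c2: list          # [(host, port), ...]
    mutex: str
    delay: int
    install: bool
    install_folder: str


def parse_report_config(text: str) -> AsyncRatConfig:
    """Parse the flattened config block into typed fields (assumed layout:
    family, version, botnet, one or more host:port lines, mutex, key/value pairs)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    if len(lines) < 5:
        raise ValueError("config block too short")
    family, version, botnet = lines[:3]
    rest = lines[3:]
    c2 = []
    while rest and C2_RE.match(rest[0]):
        m = C2_RE.match(rest.pop(0))
        c2.append((m["host"], int(m["port"])))
    if not c2:
        raise ValueError("no host:port C2 entry found")
    mutex = rest.pop(0)
    kv = {}
    for key, val in zip(rest[::2], rest[1::2]):
        if key not in KEYS:
            raise ValueError(f"unexpected config key {key!r}")
        kv[key] = val
    return AsyncRatConfig(
        family=family, version=version, botnet=botnet, c2=c2, mutex=mutex,
        delay=int(kv["delay"]),
        install=kv["install"].lower() == "true",
        install_folder=kv["install_folder"],
    )


def indicators(cfg: AsyncRatConfig) -> dict:
    """Derive the artefacts an analyst hunts for from the parsed config."""
    return {
        "network": [f"{h}:{p}" for h, p in cfg.c2],
        # Hostnames only: these go to DNS logs; bare IPs would not.
        "dns": sorted({h for h, _ in cfg.c2 if not re.fullmatch(r"[\d.]+", h)}),
        "mutex": cfg.mutex,
        # install=false: the RAT runs from its launch path and does not copy
        # itself into install_folder, so no persistence copy is expected there.
        "persistence_copy": cfg.install_folder if cfg.install else None,
        "start_delay_s": cfg.delay,
    }


def digest_all(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a blob, keyed like the report's hash fields."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every supplied digest agrees; one mismatch means a different file."""
    got = digest_all(data)
    return all(got[k] == v.lower() for k, v in expected.items())
```

To use it on a real retrieved file, pass `open(path, "rb").read()` to `matches_report`; a `False` result with only one digest differing usually means a transcription error in the expected hash rather than a different sample, so compare the full `digest_all` output before discarding the file.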
Targets
Target: P.O#07072022.exe
Size: 607KB
MD5: 9b24112df18f585a70270a72b564125f
SHA1: e51d61eef365ba0095267e5806743625c2291baf
SHA256: 724b0ad46f22cbce63245e2e819e244e606e5081bd4cad054523a2c5fefd6cc3
SHA512: 1abb3a7a98df0b2a850f46d14de42e961da19699d68e06d1d0417b0695b71b9d0b790e25664c48451d2a52bc11a494c7e8b4b8da887d0e9f7cc8311a8f5c5d4a
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence so the sample does not run in certain regions; the report records the lookup only, not which regions are excluded.
Suspicious use of SetThreadContext
Consistent with the thread-hijacking step of process hollowing, where the decoded payload is written into a suspended process and SetThreadContext redirects its execution to the injected code; the report records the API use, not the target process.