General
-
Target
a67e24a8575521f3eb6601dd6c2de85f
-
Size
1.1MB
-
Sample
220707-yrw3dabhg9
-
MD5
a67e24a8575521f3eb6601dd6c2de85f
-
SHA1
4f7e56953e1e47397c277fd23487c3e29932ca55
-
SHA256
00bcbf44a3a8dfdd43324ad3dc7a868049bc1856237d97307cc1bbec2ce68ffe
-
SHA512
7ca3482f8ea42fc0554b23d21e277f0d7edaf44a0ba08606bf02af86328d5a1ad18917b47fa3f111c68ab2e267954eb8fccc9b404cf3c1433baf312a80a9c01c
Static task
static1
Behavioral task
behavioral1
Sample
a67e24a8575521f3eb6601dd6c2de85f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
a67e24a8575521f3eb6601dd6c2de85f.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
luispereiralora09.con-ip.com:1990
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
a67e24a8575521f3eb6601dd6c2de85f
-
Size
1.1MB
-
MD5
a67e24a8575521f3eb6601dd6c2de85f
-
SHA1
4f7e56953e1e47397c277fd23487c3e29932ca55
-
SHA256
00bcbf44a3a8dfdd43324ad3dc7a868049bc1856237d97307cc1bbec2ce68ffe
-
SHA512
7ca3482f8ea42fc0554b23d21e277f0d7edaf44a0ba08606bf02af86328d5a1ad18917b47fa3f111c68ab2e267954eb8fccc9b404cf3c1433baf312a80a9c01c
Score10/10-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-