General
-
Target
05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
-
Size
2.6MB
-
Sample
220708-yw2tesfabm
-
MD5
7a8a6b5e4e5c662860bbd3adb7e22622
-
SHA1
234fd518fc22dfd428586a4ba58f85f69be7705d
-
SHA256
05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
-
SHA512
f8ec8a900a253beb54bd9328a9ada484678a2bd6a6b3a380222fa88c30a4653d4f899958a801ee270c4bc949d9d6aaa7ee46515c28f91013ba99869586c2d9c6
Static task
static1
Behavioral task
behavioral1
Sample
05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85.exe
Resource
win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.6A
185.70.187.145:5555
pehagymxwo
-
delay
5
-
install
true
-
install_file
gremor.exe
-
install_folder
%AppData%
Targets
-
-
Target
05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
-
Size
2.6MB
-
MD5
7a8a6b5e4e5c662860bbd3adb7e22622
-
SHA1
234fd518fc22dfd428586a4ba58f85f69be7705d
-
SHA256
05a68e1fdcf49840097ac9879ff8bf190f7a8a7d7dc33d95d849df9af46a6f85
-
SHA512
f8ec8a900a253beb54bd9328a9ada484678a2bd6a6b3a380222fa88c30a4653d4f899958a801ee270c4bc949d9d6aaa7ee46515c28f91013ba99869586c2d9c6
-
Async RAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-