General
Target: a4a07aba20cfae97abe924cc323a6614
Size: 1.1MB
Sample: 220721-yvd1zahhc2
MD5: a4a07aba20cfae97abe924cc323a6614
SHA1: 6973d915762cafe75102b6f907e1aeb4232d22d7
SHA256: 78915bc8ddd68219bd15458305214f8dbb4d5f24d90a91ad044be8a2dc79e0b4
SHA512: a60a057117f5ce27243d1327bb0454ef5a33a9c6560ca9ddb378d4c07779f28dabb35b8571154811525fb261c8347c24e182dfbad5d4be56f720c211d4007b99
Static task: static1
Behavioral task: behavioral1
Sample: a4a07aba20cfae97abe924cc323a6614.exe
Resource: win7-20220718-en
Malware Config

Extracted: asyncrat
Version: 0.5.7B
Botnet: Default
C2: luispereiralora09.con-ip.com:1990
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%

Extracted: njrat
Version: 0.7NC
Botnet: NYAN CAT
C2: albertogiraldolora09.duckdns.org:1991
Mutex: c033a676902f4
reg_key: c033a676902f4
splitter: @!#&^%$
Targets
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext