General
- Target: 2ed2a1d6604afeaa681f4c66dcd84194.exe
- Size: 141KB
- Sample: 220805-h28wxshdbn
- MD5: 2ed2a1d6604afeaa681f4c66dcd84194
- SHA1: 6134d837220afe9377cd78950c8aca43dde08d8c
- SHA256: 2a48fa5118bf1c97de6a6b7b0a45bcc95bd678d54f31e2f2d003e5f3ea49c780
- SHA512: b6dc02f1974d0d90b171432156b85044ab67b51c00c9a6f2ce98562342dd2afb64ac36ae57e291d37da0db564c7191567183917971455969d9eb930c920e8979
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 2ed2a1d6604afeaa681f4c66dcd84194.exe
  - Resource: win7-20220715-en

Behavioral task
- behavioral2
  - Sample: 2ed2a1d6604afeaa681f4c66dcd84194.exe
  - Resource: win10v2004-20220722-en
Malware Config
Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- C2:
  - techandro.giize.com:6906
  - techandro.giize.com:6907
  - hsolic.duckdns.org:6906
  - hsolic.duckdns.org:6907
- Mutex: DcRatMutex_qwqdanchun
- delay: 1
- install: true
- install_file: sihost.exe
- install_folder: %AppData%
Targets
- Target: 2ed2a1d6604afeaa681f4c66dcd84194.exe
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL