General
-
Target
ScanCopy378493rh1.scr.exe
-
Size
1.0MB
-
Sample
220909-p872jacacr
-
MD5
c5da839b1c6505b50f9d18588bc29dcc
-
SHA1
808bcb8114f6188448b06ef581965e6ee09d4562
-
SHA256
af51aadc7d93eea0355ed2605959052333a0e124753ff5df78d16bcbf5031fbe
-
SHA512
03cc401161ae408e0b585aee60db9caec298a9f69cd5b1323417dc49771cceb7df3711886542ca7add6ff62091c83b0ae127c26ea2f4112ca6f84edff4e7952d
-
SSDEEP
12288:7SDJuxq0TA5FCxv2eP0Kla6EMAXmnSBY5eUk4MVYolDfyWEYjms8hV:7S9RK4i0p9r2iYDcmy3qs8hV
Static task
static1
Behavioral task
behavioral1
Sample
ScanCopy378493rh1.scr.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
0.5.7A
Ijefunds
79.134.225.20:8808
mmkawdairhcehilxluo
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
ScanCopy378493rh1.scr.exe
-
Size
1.0MB
-
MD5
c5da839b1c6505b50f9d18588bc29dcc
-
SHA1
808bcb8114f6188448b06ef581965e6ee09d4562
-
SHA256
af51aadc7d93eea0355ed2605959052333a0e124753ff5df78d16bcbf5031fbe
-
SHA512
03cc401161ae408e0b585aee60db9caec298a9f69cd5b1323417dc49771cceb7df3711886542ca7add6ff62091c83b0ae127c26ea2f4112ca6f84edff4e7952d
-
SSDEEP
12288:7SDJuxq0TA5FCxv2eP0Kla6EMAXmnSBY5eUk4MVYolDfyWEYjms8hV:7S9RK4i0p9r2iYDcmy3qs8hV
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-