General

Target: 1f1890cd960b7c39e3bf88d6bf2f1bef.exe
Size: 45KB
Sample: 220919-zgek1sggb7
MD5: 1f1890cd960b7c39e3bf88d6bf2f1bef
SHA1: bec5d376b6bb41e2bd99d48fc8f4ddc5029c37cc
SHA256: 338d8dbb07b4cae38f5aa9a9b1c00014dd46649f3f5ed7701a58707ab8e36fc6
SHA512: 1c94102414e6993cd5fde3ab6266b0260222c41a9edfc395a35520420e8c4f1e7af730d8ca368df83b18750eef891703ec1f0880304f3e7437e8ba7a4dddcc69
SSDEEP: 768:LuW81Towx/9WU9Vt+Xmo2qzIh7pRWwJuPIozjbNVgXKDiYeXl4QNBDZbx:LuW81Toq7C2jFXWiXo3bsXjYeV4QDdbx

Behavioral task

behavioral1
Sample: 1f1890cd960b7c39e3bf88d6bf2f1bef.exe
Resource: win7-20220901-en
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: george-pressing.at.playit.gg:4782
C2: george-pressing.at.playit.gg:56956
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
delay: 3
install: true
install_file: RuntimeBroker.exe
install_folder: %AppData%
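The extracted configuration gives the durable indicators for this sample: the persistence file name and folder (%AppData%\RuntimeBroker.exe, which impersonates the genuine System32 binary), the mutex, and the C2 hostname and ports. The C2 is a playit.gg tunnel endpoint, so the hostname rather than whatever IP it resolves to at a given moment is the indicator worth pinning. The Python below is an added example, not part of the sandbox report or of any tool, that turns those fields into checks run over constructed telemetry events (process image paths, DNS queries, outbound connections and mutex creations, as an EDR or Sysmon pipeline might emit them). It assumes %AppData% expands to a path ending in \AppData\Roaming, that the event field names used are those of your telemetry, and it deliberately goes one step beyond the config by flagging any other playit.gg name at low severity; all sample events are made up.

```python
# Added example (not from the sandbox report): hunt checks derived from the
# extracted AsyncRAT config. Event field names and all sample telemetry below
# are constructed assumptions, not real data.
import re
from dataclasses import dataclass

# Indicators copied verbatim from the extracted config.
C2_HOST = "george-pressing.at.playit.gg"
C2_PORTS = {4782, 56956}
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FILE = "RuntimeBroker.exe"

# Assumption: %AppData% expands to <profile>\AppData\Roaming on the victim.
APPDATA_DROP = re.compile(r"\\appdata\\roaming\\runtimebroker\.exe$", re.IGNORECASE)
# The genuine RuntimeBroker.exe is a Windows binary under System32.
LEGIT_RUNTIMEBROKER = re.compile(r"^[a-z]:\\windows\\system32\\runtimebroker\.exe$",
                                 re.IGNORECASE)


@dataclass
class Event:
    kind: str   # "process", "dns", "netconn" or "mutex"
    data: dict


def check_event(ev: Event) -> list[tuple[str, str]]:
    """Return (severity, reason) hits for one telemetry event."""
    hits: list[tuple[str, str]] = []
    if ev.kind == "process":
        image = ev.data.get("image", "")
        # Any RuntimeBroker.exe not under System32 is suspect; the configured
        # %AppData% drop location is the strongest match.
        if (image.lower().endswith("\\" + INSTALL_FILE.lower())
                and not LEGIT_RUNTIMEBROKER.match(image)):
            sev = "high" if APPDATA_DROP.search(image) else "medium"
            hits.append((sev, f"{INSTALL_FILE} running outside System32: {image}"))
    elif ev.kind == "dns":
        name = ev.data.get("query", "").lower().rstrip(".")
        if name == C2_HOST:
            hits.append(("high", f"DNS lookup of configured C2 host {name}"))
        elif name.endswith(".playit.gg"):
            # Broader than the config: other tunnel names on the same service.
            hits.append(("low", f"DNS lookup of playit.gg tunnel host {name}"))
    elif ev.kind == "netconn":
        host = ev.data.get("dest_host", "").lower().rstrip(".")
        port = int(ev.data.get("dest_port", 0))
        if host == C2_HOST and port in C2_PORTS:
            hits.append(("high", f"connection to {host}:{port} (configured C2 port)"))
    elif ev.kind == "mutex":
        if ev.data.get("name") == MUTEX:
            hits.append(("high", f"mutex {MUTEX} created"))
    return hits


def scan(events: list[Event]) -> list[tuple[int, str, str]]:
    """Run every event through check_event; return (event index, severity, reason)."""
    return [(i, sev, why) for i, ev in enumerate(events) for sev, why in check_event(ev)]


# Constructed sample telemetry (not taken from the report).
SAMPLE_EVENTS = [
    Event("process", {"image": r"C:\Windows\System32\RuntimeBroker.exe"}),         # benign
    Event("process", {"image": r"C:\Users\alice\AppData\Roaming\RuntimeBroker.exe"}),
    Event("dns", {"query": "george-pressing.at.playit.gg"}),
    Event("dns", {"query": "update.microsoft.com"}),                                 # benign
    Event("netconn", {"dest_host": "george-pressing.at.playit.gg", "dest_port": 4782}),
    Event("netconn", {"dest_host": "george-pressing.at.playit.gg", "dest_port": 443}),  # wrong port
    Event("mutex", {"name": "AsyncMutex_6SI8OkPnk"}),
]

if __name__ == "__main__":
    for idx, sev, why in scan(SAMPLE_EVENTS):
        print(f"event {idx}: [{sev}] {why}")
```

The process check keys on the full image path on purpose: matching the file name alone would fire on every legitimate RuntimeBroker.exe on the host, while the config tells us exactly where the copy of interest lives. The port filter on connections is equally deliberate, since the tunnel host may serve other traffic on other ports.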
Targets

Target: 1f1890cd960b7c39e3bf88d6bf2f1bef.exe (same file and hashes as listed under General)
Signatures:
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry (Windows keeps it under HKCU\Control Panel\International\Geo\Nation), most likely a geofence check so the payload can refuse to run in selected countries.
- Loads dropped DLL