General

Target: SecuriteInfo.com.Win32.PWSX-gen.32273.exe
Size: 600KB
Sample: 220922-jzy5daafd2
MD5: 655c3cfd372078ec727db7ea441dbbe5
SHA1: 6146b002d887018beba46382ddb00cde6cd9000e
SHA256: 85d51d3e98e442cac4177b4bc0ddca270454f0c4a75bd2c3269ec366eb434a3f
SHA512: 112ce25d22068ce9cd4a3a527ab2a715ee33798ed9157daf9ec42c00cd238ee8288a726afe36b34463da9cb55e3f1f6db358f6d36926c5dcad7ed3126536fcab
SSDEEP: 6144:a7Ks2qIjWxejKi/i/iiDYOfNODk6b1h5os5b9ByxqvJnxyYb1qAyZrvHvw0PpYaK:a3xhKKDHlY5oc1xyguJHVEd0V

Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.32273.exe
  Resource: win7-20220812-en

Malware Config

Extracted family: asyncrat
Version: 1.0.7
Botnet: Default
C2: hardrickkonsultg.ddns.net:8848
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%

Targets

Target: SecuriteInfo.com.Win32.PWSX-gen.32273.exe
Size: 600KB
MD5: 655c3cfd372078ec727db7ea441dbbe5
SHA1: 6146b002d887018beba46382ddb00cde6cd9000e
SHA256: 85d51d3e98e442cac4177b4bc0ddca270454f0c4a75bd2c3269ec366eb434a3f
SHA512: 112ce25d22068ce9cd4a3a527ab2a715ee33798ed9157daf9ec42c00cd238ee8288a726afe36b34463da9cb55e3f1f6db358f6d36926c5dcad7ed3126536fcab
SSDEEP: 6144:a7Ks2qIjWxejKi/i/iiDYOfNODk6b1h5os5b9ByxqvJnxyYb1qAyZrvHvw0PpYaK:a3xhKKDHlY5oc1xyguJHVEd0V

Signatures

Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext