General
Target: 168ee8403709fc4848328051ff819157.exe
Size: 70KB
Sample: 220926-2z9vzscbb9
MD5: 168ee8403709fc4848328051ff819157
SHA1: bf96e4267c22e283d192e34fc50ded40802ac83c
SHA256: bf765420bbb03b49f594002013915e508160a4efede03e051075cabad32c51b3
SHA512: 9e86bdb6f49881fc39a1cea97047164dc02e21cb8bfc43526997840effcde497c3411bfed256fce7738f3b3a3814d1fb8f4295cec09034453aff326cf97a449c
SSDEEP: 1536:L2pM3Poamv/TQ6MLXIRakKVyreBOPew0ikXx5utYdsOWg+7/MajDw:iW3ADXcBURL4OmikXbuuVA/Rw
Static task: static1
Behavioral task: behavioral1, sample 168ee8403709fc4848328051ff819157.exe, resource win7-20220812-en
Behavioral task: behavioral2, sample 168ee8403709fc4848328051ff819157.exe, resource win10v2004-20220812-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 20.171.107.243:6606
C2: 20.171.107.243:7707
C2: 20.171.107.243:8808
C2: rositxado.tk:6606
C2: rositxado.tk:7707
C2: rositxado.tk:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
The C2 list pairs one hard-coded IP and one domain with the same three ports, so the implant can fall back to the raw IP if the domain is taken down; block both the host names and the host:port pairs, not just the domain.
Targets
Target: 168ee8403709fc4848328051ff819157.exe
- Async RAT payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
  Note that the extracted config has install set to false, so check the behavioral trace for which image the Run value points at before attributing this persistence to AsyncRAT's own install routine.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on another process's thread is the API pattern used by process hollowing / RunPE-style injection, where a suspended process's thread is pointed at an injected image before it is resumed.
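The C2 hosts, ports and mutex from the extracted config, together with the Run-key behaviour above, turned into a hunting check. This is an example added to the report, not sandbox output; the only values taken from the page are the hosts, ports, mutex and the sample filename. The Sysmon-style event records are constructed for illustration, and the path, SID and value name in them are hypothetical.

```python
"""Hunt for the AsyncRAT indicators extracted above in Sysmon-style events.

Added example for this report, not part of the sandbox output. The C2 hosts,
ports, mutex and the Run-key behaviour come from the report; the event
records below are constructed to look like Sysmon fields and were not
captured from the sample run.
"""
import re
import sys

# --- Indicators from the extracted config (from the report) -----------------
C2_HOSTS = {"20.171.107.243", "rositxado.tk"}
C2_PORTS = {6606, 7707, 8808}
MUTEX = "AsyncMutex_6SI8OkPnk"

# HKLM\...\Run\<value> or HKU\<sid>\...\Run\<value>, any value name.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)


def c2_pairs():
    """Every host:port pair the implant will try, for a blocklist or IDS rule."""
    return sorted(f"{h}:{p}" for h in C2_HOSTS for p in C2_PORTS)


def hunt(events):
    """Return (rule, event) hits for the indicators above.

    Sysmon event IDs used: 3 = network connection, 13 = registry value set,
    22 = DNS query. Mutex creation is not a Sysmon event; see mutex_present().
    """
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 3:
            dest = {ev.get("DestinationIp", ""), ev.get("DestinationHostname", "")}
            if dest & C2_HOSTS:
                # Port match is high confidence; same host on another port is
                # still worth a look but is reported under a separate rule.
                rule = ("asyncrat_c2_connect" if ev.get("DestinationPort") in C2_PORTS
                        else "c2_host_other_port")
                hits.append((rule, ev))
        elif eid == 22:
            if ev.get("QueryName", "").lower() in C2_HOSTS:
                hits.append(("asyncrat_c2_dns", ev))
            elif any(h in ev.get("QueryResults", "") for h in C2_HOSTS):
                # A renamed domain that still resolves to the hard-coded IP.
                hits.append(("dns_resolves_to_c2_ip", ev))
        elif eid == 13:
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                hits.append(("run_key_persistence", ev))
    return hits


def mutex_present(name=MUTEX):
    """Live host check: is the AsyncRAT mutex currently held?

    Windows only; returns None elsewhere. OpenMutexW only succeeds when an
    object with that name already exists, so a handle means an active instance.
    """
    if sys.platform != "win32":
        return None
    import ctypes
    SYNCHRONIZE = 0x00100000
    k32 = ctypes.windll.kernel32
    handle = k32.OpenMutexW(SYNCHRONIZE, False, name)
    if handle:
        k32.CloseHandle(handle)
        return True
    return False


# --- Constructed events (hypothetical; not from the sample run) -------------
IMG = r"C:\Users\Public\168ee8403709fc4848328051ff819157.exe"
EVENTS = [
    {"EventID": 22, "Image": IMG, "QueryName": "rositxado.tk",
     "QueryResults": "::ffff:20.171.107.243;"},
    {"EventID": 3, "Image": IMG, "DestinationIp": "20.171.107.243",
     "DestinationPort": 6606, "DestinationHostname": ""},
    {"EventID": 3, "Image": IMG, "DestinationIp": "20.171.107.243",
     "DestinationPort": 443, "DestinationHostname": ""},     # C2 host, odd port
    {"EventID": 13, "Image": IMG,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": IMG},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "142.250.74.46", "DestinationPort": 443,
     "DestinationHostname": "www.google.com"},               # benign, no hit
]

if __name__ == "__main__":
    print("blocklist:", c2_pairs())
    for rule, ev in hunt(EVENTS):
        print(rule, ev["Image"])
    print("mutex present:", mutex_present())
```

The port split matters because the same IP may host unrelated services; the hard match on host and port is what you would page on, while the host-only match goes to a lower-priority queue. The mutex check is the cheapest way to confirm a live infection on a suspect host since AsyncRAT creates it at start-up, but it tells you nothing once the process has exited.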