General
Target: CC0DDA64461CFC4A81291CAB7FBF1B5FB60E288D5A558.exe
Size: 469KB
Sample: 220928-2tdklaadbk
MD5: e8c534e58ab2b4959830d1f7e695e133
SHA1: 01085c7b92329a6fa6995fdc1569a37218cd024b
SHA256: cc0dda64461cfc4a81291cab7fbf1b5fb60e288d5a5587108fb8f2f9381fdf7f
SHA512: 94dbacca6a7fd1e14dd2327fab0a4f4e4e2f2f713a40adc1ad11549c134af3c57126786eef9474b3410e5a11360037dc175624289221601098fe74552a5c18ba
SSDEEP: 6144:m7IaUaM8HGFHp1fQNXAsZRzK4+rLL447qvOeB6f8vkPclAMDkM7pPOQMLeX5e98F:mv6f8cPw9IWmlLh6bZq7t
Static task: static1
Behavioral task: behavioral1
Sample: CC0DDA64461CFC4A81291CAB7FBF1B5FB60E288D5A558.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: CC0DDA64461CFC4A81291CAB7FBF1B5FB60E288D5A558.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.6D
Default
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
nqjzitvqsflofawip
delay: 6
install: true
install_file: facaboooke.exe
install_folder: %AppData%
Targets
Target: CC0DDA64461CFC4A81291CAB7FBF1B5FB60E288D5A558.exe
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-