General

Target: HEUR-Backdoor.MSIL.Crysan.gen-387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640.exe
Size: 58KB
Sample: 220929-pq7caabgfm
MD5: 278a0cd8cf2ad02e2f2b139e78406ac9
SHA1: e824197381e55771bf91fe67f3652dd0e75bd4fa
SHA256: 387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640
SHA512: 31bd692fe817af9de4c4aaf26d4f37011827014cf86f8a08e51e9ec77114f0130dd17dcfb9360bb141e0432f0bd9d6ecf59c609e1bb63bdc496fa0309044fbb4
SSDEEP: 1536:EuyRNTAGo2s7LI5ymUbZFyn62MHKdVal7:Euy/TAGo2s3I5ymUbZ462Mqval7
Behavioral task

behavioral1
Sample: HEUR-Backdoor.MSIL.Crysan.gen-387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640.exe
Resource: win7-20220901-en
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 92.138.188.75:7006
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: anydesk.exe
install_folder: %AppData%
Targets

Target: HEUR-Backdoor.MSIL.Crysan.gen-387a91f2a3775ee7d2a764fa5219c63478cd497c9a0a5625d63666a7561b2640.exe (the same file as listed under General)
Size: 58KB
Signatures:
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL