General
-
Target
SecuriteInfo.com.Win32.DropperX-gen.6349.exe
-
Size
7KB
-
Sample
221003-e7874agcc7
-
MD5
d1860473f9a55ae6d09604dc559888a1
-
SHA1
1da7d140c29e91e73ab7bdbb1e5373933d867ff3
-
SHA256
60b9dfe94376364fa7c7d47ca49cfcdae1b54cfad864098c6cf260f5bf870992
-
SHA512
6af5a6b85b045195e82e5c9d791d6b152fed93cdaf975c1dbc44af03298cd987ff61e630706419daa453e985c5b027d760f31e8240521cb3a6e6468120caceb5
-
SSDEEP
96:nUO+K83HPiLF5UyfzDuyGh0/aCdf0zNt:CqLF5Jfuy0qF+
Malware Config
Extracted
asyncrat
0.5.7B
Default
fresh02.ddns.net:2245
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
logs.exe
-
install_folder
%AppData%
Targets
-
-
Target
SecuriteInfo.com.Win32.DropperX-gen.6349.exe
-
Size
7KB
-
MD5
d1860473f9a55ae6d09604dc559888a1
-
SHA1
1da7d140c29e91e73ab7bdbb1e5373933d867ff3
-
SHA256
60b9dfe94376364fa7c7d47ca49cfcdae1b54cfad864098c6cf260f5bf870992
-
SHA512
6af5a6b85b045195e82e5c9d791d6b152fed93cdaf975c1dbc44af03298cd987ff61e630706419daa453e985c5b027d760f31e8240521cb3a6e6468120caceb5
-
SSDEEP
96:nUO+K83HPiLF5UyfzDuyGh0/aCdf0zNt:CqLF5Jfuy0qF+
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-