General
- Target: ea54fb8199336bf53f9a7df8f48bb0ae03292b9896223ac86b70df0696e74d90
- Size: 1.7MB
- Sample: 221010-lx25csbde5
- MD5: 4520b916a8ed8d6c7ea4de7039dd0787
- SHA1: 948f8fa9875d528c02a965a645f09f2bccb8ea47
- SHA256: ea54fb8199336bf53f9a7df8f48bb0ae03292b9896223ac86b70df0696e74d90
- SHA512: 079c110de6e90a14ecae04a1abbe99f8635a569d636f6a3fff8c3c3ca765395013c9c8d91432ab295034b344bac6a24803f5510d43d30da50cc9891045d316c6
- SSDEEP: 12288:a9v8Y+CjeIOOUNER2Irm7rPpcrnWZQzjFeM6DJOjB9sTTHy7I/F22VZW:csH2DrYrPpcrnYQb6VOsFr8

Static task: static1
Malware Config
Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- C2: 45.137.20.108:8848
- Mutex: DcRatMutex_qwqdanchun
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: ea54fb8199336bf53f9a7df8f48bb0ae03292b9896223ac86b70df0696e74d90 (1.7MB; same file and hashes as listed under General above)
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext