General
- Target: file.exe
- Size: 91KB
- Sample: 221011-ptgk2aedgm
- MD5: 0930b477703d6a03eb120ad3543513d8
- SHA1: 7bc33a9595ffd5f5bacb6843ee1dfcd86df74fa1
- SHA256: 9699022b7bd45a72cf29614bdd131400dbee0ab5d6a5c2e03ed1c13e7cf0eca0
- SHA512: 0d9b4c07fbc13f484269d181f2587c92f7a7b817bca07f9956c16aa01c441d8a60ae13afe554f2f8a497607730d7641b2352f481d3cebb98e633b03ddc27617d
- SSDEEP: 1536:XRzdezMTHOFP5WKcyRm1YGl/KVzFeS6Bqt/pr2sQOIkbrPsNI:WzMDKwKx8Yl1FKqtRFYsrPV

Behavioral task
behavioral1
- Sample: file.exe
- Resource: win7-20220901-en

Malware Config
Extracted: http://80.66.88.146/R.html
Extracted: http://80.66.88.146/R.png
Extracted: asyncrat
- 1.0.7
- $
- 80.66.88.146:8848
- TEHJRTRYKSRZSDJHT
- delay: 1
- install: false
- install_folder: %AppData%

Targets
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext