General
Target: 822c659a8ad91358189573135d99d6af226b1271bcfa053a2f49a8ea193b1619
Size: 1.1MB
Sample: 221130-wb35msee2t
MD5: fd0f12448b7ce4e82e014b64b2676e93
SHA1: 3b5891e13f7f63c25e88030ba78d3290934f8640
SHA256: 822c659a8ad91358189573135d99d6af226b1271bcfa053a2f49a8ea193b1619
SHA512: 34d01684dcc7f91439ac333e5ee86a1ce1e724ad8f71eaf3b7c215cd32b595e1b6835a7ed077c8ac3f42fe7975d103d06afae5031f446442a7b748f68a214c51
SSDEEP: 12288:+fcAcrc5/VtuUogBwjWxEOR3LkAb8C1atShBs/yyaVtLhqG5lg1tArWUHW9keeU8:U
Static task: static1
Behavioral task: behavioral1
Sample: 822c659a8ad91358189573135d99d6af226b1271bcfa053a2f49a8ea193b1619.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: hgjvhnfgg.duckdns.org:8057
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
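The extracted configuration above is only useful if it is turned into something a responder can search for. The following added example (not code from the sandbox, the report, or the AsyncRAT project) takes the config values exactly as the report lists them and derives hunt artefacts from them: the C2 host and port (handling the comma-separated multi-host form AsyncRAT configs can carry, a generalization beyond this sample), whether the C2 sits on a free dynamic-DNS provider (the suffix list is an assumption), the mutex, and whether a persistence copy in install_folder should be expected at all given install=false. It also sanity-checks copied digests so a mistyped hash does not end up in a blocklist. The field names in EXTRACTED_CONFIG follow the report; the query strings are illustrative pseudo-queries, not a specific SIEM syntax.

```python
"""Derive hunt artefacts from the AsyncRAT config extracted in the report.

Added example; the config values are copied from the report, while the
dynamic-DNS suffix list and the query format are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Values as shown in the report's "Malware Config" block.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "botnet": "Default",
    "c2": "hgjvhnfgg.duckdns.org:8057",
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": "3",
    "install": "false",
    "install_folder": "%AppData%",
}

# Free dynamic-DNS suffixes often abused for RAT C2 (assumed list, not from the report).
DYNAMIC_DNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org", "myftp.biz")

# Expected hex length of each digest, used to catch truncated or mistyped hashes.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


@dataclass
class HuntPlan:
    c2: List[Tuple[str, int]]
    uses_dynamic_dns: bool
    mutex: str
    beacon_delay_s: int          # AsyncRAT sleeps this many seconds before first connect
    persists: bool               # only true when the config's install flag is "true"
    install_folder: Optional[str]
    queries: List[str] = field(default_factory=list)


def parse_c2(value: str) -> List[Tuple[str, int]]:
    """Split 'host:port' entries; AsyncRAT configs may list several, comma-separated."""
    out = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        m = re.fullmatch(r"([A-Za-z0-9.\-]+):(\d{1,5})", entry)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError(f"unparseable C2 entry: {entry!r}")
        out.append((m.group(1).lower(), int(m.group(2))))
    return out


def is_dynamic_dns(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def build_hunt_plan(cfg: dict) -> HuntPlan:
    c2 = parse_c2(cfg["c2"])
    # AsyncRAT copies itself to install_folder and sets up persistence only when install is true,
    # so with install=false there is no dropped copy to look for: hunt the original launch path.
    persists = cfg.get("install", "false").strip().lower() == "true"
    plan = HuntPlan(
        c2=c2,
        uses_dynamic_dns=any(is_dynamic_dns(h) for h, _ in c2),
        mutex=cfg["mutex"],
        beacon_delay_s=int(cfg.get("delay", "0")),
        persists=persists,
        install_folder=cfg.get("install_folder") if persists else None,
    )
    for host, port in c2:
        plan.queries.append(f"dns: query_name == '{host}'")
        plan.queries.append(f"net: direction == outbound and dest_port == {port}")
    plan.queries.append(f"mutex: name == '{plan.mutex}'")
    if not persists:
        plan.queries.append("persistence: none expected; pivot on the original execution path")
    return plan


def check_digests(report: dict) -> List[str]:
    """Flag copied hashes with a wrong length/charset, or a Target that is not the SHA256."""
    problems = []
    for name, length in DIGEST_HEX_LEN.items():
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", report.get(name, "")):
            problems.append(f"{name}: bad length or charset")
    if report.get("target") != report.get("sha256"):
        problems.append("target != sha256")
    return problems


if __name__ == "__main__":
    for line in build_hunt_plan(EXTRACTED_CONFIG).queries:
        print(line)
```

Because the C2 is a duckdns.org name, the resolved IP is disposable; block and alert on the DNS name and the mutex rather than on whatever address the sandbox saw.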
Targets
Target: 822c659a8ad91358189573135d99d6af226b1271bcfa053a2f49a8ea193b1619
Size: 1.1MB
MD5: fd0f12448b7ce4e82e014b64b2676e93
SHA1: 3b5891e13f7f63c25e88030ba78d3290934f8640
SHA256: 822c659a8ad91358189573135d99d6af226b1271bcfa053a2f49a8ea193b1619
SHA512: 34d01684dcc7f91439ac333e5ee86a1ce1e724ad8f71eaf3b7c215cd32b595e1b6835a7ed077c8ac3f42fe7975d103d06afae5031f446442a7b748f68a214c51
SSDEEP: 12288:+fcAcrc5/VtuUogBwjWxEOR3LkAb8C1atShBs/yyaVtLhqG5lg1tArWUHW9keeU8:U
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence: the sample reads the user's configured region and may refuse to run in particular countries, so a sandbox whose locale does not match the intended victim region can see less behaviour than a real target.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging trick that stops an attached debugger from receiving events for that thread.
Suspicious use of SetThreadContext
Rewrites the context of another thread, commonly used by loaders to redirect execution into injected code (for example in process hollowing); the report does not say which process was targeted.