General
-
Target
KRNL.exe
-
Size
1.6MB
-
Sample
221206-wgdryadb6s
-
MD5
cbadb1de52c16cccc08299d089b005bc
-
SHA1
843b3fd90240fbad0b567ce5e9a7280a465941ad
-
SHA256
1906cc91bd310c9f1ca7d59bb7338d6e10c023cd1af449788850b188963e7ee7
-
SHA512
5560990231317838d403a4f2508558a415868a2ee88006538ce2bccc0bd40aff03e03c45f696be4b79b24661375bf845eeaf061729fa1a5a3a5ddc761bdeaa6f
-
SSDEEP
12288:93KGvZLJNMO7BDUbWyM6FJJzcXdlNe7kaZHQlMXMUcwdeljucY/ObSvoPzpPw0IR:96ALJeOtLzoJzcXptaZwlUujlSNX
Static task
static1
Behavioral task
behavioral1
Sample
KRNL.exe
Resource
win7-20221111-en
Malware Config
Extracted
Family
asyncrat
Version
1.0.7
Botnet
Default
C2
goods-generic.at.playit.gg:12632
Mutex
DcRatMutex_qwqdanchun
Attributes
-
delay
1
-
install
false
-
install_file
virus.exe
-
install_folder
%AppData%
Notes
DcRatMutex_qwqdanchun is the default mutex of DcRat, an AsyncRAT fork, and is the most stable host indicator across builds. The C2 host is a playit.gg tunnel subdomain, so block the hostname rather than whatever IP it resolved to during the run. install is false, so this build does not copy itself to %AppData%\virus.exe; treat install_file and install_folder as configured values, not observed artifacts.
Targets
-
Target
KRNL.exe
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
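An added example, not output of the sandbox and not code from the sample: a small Python triage helper that turns the extracted config (mutex, C2 host:port, install path) and the listed behaviors into matching logic and runs it over constructed sandbox-style events. The event schema, the `.playit.gg` tunnel check, and the registry key assumed for the "computer location" check (HKCU\Control Panel\International\Geo, value Nation) are my assumptions, not data from the report.

```python
"""Indicator matching for the AsyncRAT/DcRat config and behaviors listed above.

Added example, not output of the sandbox and not code from the sample.
The event schema below is an assumption; the sample events are constructed.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Values copied from the report's extracted config and hash table.
REPORT_IOCS = {
    "md5": "cbadb1de52c16cccc08299d089b005bc",
    "sha256": "1906cc91bd310c9f1ca7d59bb7338d6e10c023cd1af449788850b188963e7ee7",
    "c2_host": "goods-generic.at.playit.gg",
    "c2_port": 12632,
    "mutex": "DcRatMutex_qwqdanchun",
    "install_file": "virus.exe",
    "install_folder": "%AppData%",
}

# %AppData% expands to <profile>\AppData\Roaming, so match the resolved path.
INSTALL_PATH_RE = re.compile(
    r"\\AppData\\Roaming\\" + re.escape(REPORT_IOCS["install_file"]) + r"$",
    re.IGNORECASE,
)

# Assumed location of the country code read by the "computer location" check.
GEO_KEY_SUFFIX = r"\control panel\international\geo"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5 and SHA-256 of in-memory bytes (for large files, hash in chunks)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only if the bytes hash to the SHA-256 in the report."""
    return hash_bytes(data)["sha256"] == REPORT_IOCS["sha256"]


def classify_event(ev: Dict) -> Optional[str]:
    """Map one sandbox/EDR-style event to an indicator label, or None."""
    kind = ev.get("type")
    if kind == "mutex" and ev.get("name") == REPORT_IOCS["mutex"]:
        return "asyncrat_mutex"          # default DcRat mutex; strongest single indicator
    if kind == "network":
        host = ev.get("host", "").lower()
        if host == REPORT_IOCS["c2_host"] and ev.get("port") == REPORT_IOCS["c2_port"]:
            return "asyncrat_c2"
        if host.endswith(".playit.gg"):
            return "playit_tunnel"       # tunnel service; any subdomain is attacker-chosen
    if kind == "file_write" and INSTALL_PATH_RE.search(ev.get("path", "")):
        return "asyncrat_install_path"   # only fires when install=true; this build has false
    if (kind == "registry_read"
            and ev.get("key", "").lower().endswith(GEO_KEY_SUFFIX)
            and ev.get("value", "").lower() == "nation"):
        return "geo_check"               # "Checks computer location settings" (assumed key)
    return None


def scan_events(events: List[Dict]) -> List[Tuple[str, int]]:
    """Return (label, pid) for every event that matched an indicator."""
    hits = []
    for ev in events:
        label = classify_event(ev)
        if label is not None:
            hits.append((label, ev.get("pid", -1)))
    return hits


def verdict(events: List[Dict]) -> str:
    """Mutex or C2 contact alone is conclusive; the rest is only supporting."""
    labels = {label for label, _ in scan_events(events)}
    if labels & {"asyncrat_mutex", "asyncrat_c2"}:
        return "asyncrat"
    if labels:
        return "suspicious"
    return "clean"


# Constructed events mimicking what the sandbox run would log (not real log data).
SAMPLE_EVENTS = [
    {"type": "mutex", "name": "DcRatMutex_qwqdanchun", "pid": 1532},
    {"type": "registry_read", "key": r"HKCU\Control Panel\International\Geo",
     "value": "Nation", "pid": 1532},
    {"type": "network", "host": "goods-generic.at.playit.gg", "port": 12632, "pid": 1532},
    {"type": "file_write", "path": r"C:\Users\victim\AppData\Roaming\virus.exe", "pid": 1532},
    {"type": "network", "host": "update.microsoft.com", "port": 443, "pid": 904},
]

if __name__ == "__main__":
    for label, pid in scan_events(SAMPLE_EVENTS):
        print(f"pid {pid}: {label}")
    print("verdict:", verdict(SAMPLE_EVENTS))
```

The verdict logic deliberately weights the mutex and the exact C2 host:port above the other signals: a playit.gg connection or a GeoID read is common in benign software, and the install path only appears when the config's install flag is true, which it is not for this build.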