General
Target: COM Surrogate.exe
Size: 47KB
Sample: 221206-xvbp6shd6z
MD5: 2bd0e405d19bc95341a0f9c4912efdd1
SHA1: aa27c91317600a2f9d8a5f4b18ec4a3f10d1061f
SHA256: 1325c2f0f1b73a0fcdbc947752757ffbd378c89c95aaaac8d46434188f972925
SHA512: 1f19478f120ceb4b89c5871d76a08fb1fcd51d02f38fb36c30a8e87ce495649c081f337608eca8e48ce5a5c303e27ca6728c15885d0cba53e6226bac5fc9103e
SSDEEP: 768:E9V/w9ILiCuu+bicyYE/pif8Yb3gemQnivEgK/JbZVc6KN:E9V/IidezbQSninkJbZVclN

Behavioral task: behavioral1
Sample: COM Surrogate.exe
Resource: win7-20221111-en

Malware Config (extracted)
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: buy-dynamics.at.playit.gg:8080
C2: buy-dynamics.at.playit.gg:12074
Mutex: bruh__R3taddd
Attributes:
  delay: 1
  install: true
  install_file: COM Surrogate.exe
  install_folder: %AppData%

Targets
Target: COM Surrogate.exe
Size: 47KB
MD5: 2bd0e405d19bc95341a0f9c4912efdd1
SHA1: aa27c91317600a2f9d8a5f4b18ec4a3f10d1061f
SHA256: 1325c2f0f1b73a0fcdbc947752757ffbd378c89c95aaaac8d46434188f972925
SHA512: 1f19478f120ceb4b89c5871d76a08fb1fcd51d02f38fb36c30a8e87ce495649c081f337608eca8e48ce5a5c303e27ca6728c15885d0cba53e6226bac5fc9103e
SSDEEP: 768:E9V/w9ILiCuu+bicyYE/pif8Yb3gemQnivEgK/JbZVc6KN:E9V/IidezbQSninkJbZVclN

Signatures
Async RAT payload
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.