General
-
Target
lib64.exe
-
Size
81KB
-
Sample
221207-gbqf8ace5t
-
MD5
8fa2f4a2594f41b3a6fa4f50bbe9b0a8
-
SHA1
17bb7325da58af388316d19fbd054fcb1e1146dd
-
SHA256
c0bd5fcd7a91eb868dddb6172f5e576b5efa1a4c57a7f5cade8f4cef236fb001
-
SHA512
2dbc09e9669d9418a54b406027aeebd66a8b9f5d80d9efec3e32e268429f87a9ae1a44ab4d0c321b28593e7bfbe820c0de4f7fd8a6f385bc9b3cb6d0727f862a
-
SSDEEP
1536:anLHHTYQgq2Rt0CbbCfa5YkgMdVclNa7G/7GaF:anLHHTYQNSt0CbbCSKOvYAy/y4
Behavioral task
behavioral1
Sample
lib64.exe
Resource
win7-20221111-en
Malware Config
Extracted
asyncrat
+ Stealer 5.0.7
Stac
127.0.0.1:4449
127.0.0.1:56721
111.90.147.102:4449
111.90.147.102:56721
ASfgsahfWDS
-
delay
1
-
install
true
-
install_file
lib32.exe
-
install_folder
%AppData%
Targets
-
-
Target
lib64.exe
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-