General
Target
https://objects.githubusercontent.com/github-production-release-asset-2e65be/166504281/01235b00-9298-11ea-8006-ce52c2bf4d3a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230119%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230119T151636Z&X-Amz-Expires=300&X-Amz-Signature=663697f59a03adc2d9975a7c9c2631b46d6185a847c7001da5caa74bb5a921db&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=166504281&response-content-disposition=attachment%3B%20filename%3DCOMPILED.zip&response-content-type=application%2Foctet-stream
Sample
230119-td9n4add8s
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://objects.githubusercontent.com/github-production-release-asset-2e65be/166504281/01235b00-9298-11ea-8006-ce52c2bf4d3a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230119%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230119T151636Z&X-Amz-Expires=300&X-Amz-Signature=663697f59a03adc2d9975a7c9c2631b46d6185a847c7001da5caa74bb5a921db&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=166504281&response-content-disposition=attachment%3B%20filename%3DCOMPILED.zip&response-content-type=application%2Foctet-stream
Resource
win10v2004-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
10.127.0.10:6606
10.127.0.10:7707
10.127.0.10:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: updater.exe
install_folder: %AppData%
Targets
Target
https://objects.githubusercontent.com/github-production-release-asset-2e65be/166504281/01235b00-9298-11ea-8006-ce52c2bf4d3a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230119%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230119T151636Z&X-Amz-Expires=300&X-Amz-Signature=663697f59a03adc2d9975a7c9c2631b46d6185a847c7001da5caa74bb5a921db&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=166504281&response-content-disposition=attachment%3B%20filename%3DCOMPILED.zip&response-content-type=application%2Foctet-stream
Signatures
Modifies visibility of file extensions in Explorer
Async RAT payload
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory