General
-
Target
aws.exe
-
Size
85KB
-
Sample
230121-aawhhsab58
-
MD5
63fb22e516c5c5f243b06b35883956f9
-
SHA1
b915cdc9c0a9f7afe7a28d8a47e778a2b99f8374
-
SHA256
14d3276ca733ff2efebeb3208f7e233da4df8735514c216e5fa52a83e9110f8b
-
SHA512
c012d8ac37a2742218c14812e50cb456ed3fe2df954059ce221a5c971746f74c4e940e37eb81443dd10df7a430e227b039a33d8264bbf42874d9076737808955
-
SSDEEP
1536:Yr4lbI9/CJxFz3FI8Cwof4wJ9JDUiPDMNkGbbawfpaSGRZVclN30/yRmP:O41I9/CJxFz3FI8Cwo7J7DRDMOGbbagG
Behavioral task
behavioral1
Sample
aws.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
aws.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
asyncrat
1.0.7
Default
192.253.245.243:7771
DcRatMutex_qwqdanchun
-
delay
1
-
install
true
-
install_file
Windows Defender Security.exe
-
install_folder
%AppData%
Targets
-
-
Target
aws.exe
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-