General
-
Target
update.bat
-
Size
49KB
-
Sample
230125-mfvvdshd3x
-
MD5
350ad25e3bd312052f07ceb70a2524b6
-
SHA1
8eaf99305045a55539fea89a0c51984886be5f0b
-
SHA256
764250ddf94b90441193fe1c29754f231e0868d1878fdf3150e5744dd8d8c378
-
SHA512
f38c83674e123e9b58ae54bbf88fc363357e0f3f8d3a304f4a2c87e01c9869988c26b084e5d8ff014042f682a6b9428a27f8b3d849b4dbd795968ca853278b14
-
SSDEEP
1536:CzU6zHBhbzNsGUu6QTl3r19xS4e2RYpoEQA/9um:mrzhh6G519x5RgVQAlum
Malware Config
Targets
-
-
Target
update.bat
-
Size
49KB
-
MD5
350ad25e3bd312052f07ceb70a2524b6
-
SHA1
8eaf99305045a55539fea89a0c51984886be5f0b
-
SHA256
764250ddf94b90441193fe1c29754f231e0868d1878fdf3150e5744dd8d8c378
-
SHA512
f38c83674e123e9b58ae54bbf88fc363357e0f3f8d3a304f4a2c87e01c9869988c26b084e5d8ff014042f682a6b9428a27f8b3d849b4dbd795968ca853278b14
-
SSDEEP
1536:CzU6zHBhbzNsGUu6QTl3r19xS4e2RYpoEQA/9um:mrzhh6G519x5RgVQAlum
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-