General
- Target: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15
- Size: 725KB
- Sample: 230129-x5t99scc5y
- MD5: 01b52dc2afdb1950a0a7d56d9b1766c4
- SHA1: 84c49d452de656e71cdca0a20ddb8c3db1a647c0
- SHA256: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15
- SHA512: b99199bab0ab53838649087112d7800e44d5b5fb5d8a647fa7ee199c7360ca08b1902ff7955425f56430834bf0cd644bff65d99415b6914d4427dc6e6f77f9f5
- SSDEEP: 12288:/Cfi3zZfbGF8cVA6TFKd83ypIlyonrKGQVS7DB+/B5oo7I5Efr:6aDZfbc/VAio6GiKGQc7DU5RFr
Static task
- static1
Behavioral task
- behavioral1
- Sample: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: Galaxy Swapper.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/KQnTvrv3
Targets
- Target: ab936a96e30f3a0a64bd5a5e1a5ae3db1182ec360a823cd401d7c4ab5862ad15
Signatures
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext