General
-
Target
119996da24b3935ec811bcd72583b6d1cd5205097265100c20a6ce773b79fb28
-
Size
181KB
-
Sample
230129-zblr5scc44
-
MD5
35e7cba9da6186aabcbeb680b9e62a0f
-
SHA1
a0aa491f942b485f15a7f59104e26beac1033591
-
SHA256
119996da24b3935ec811bcd72583b6d1cd5205097265100c20a6ce773b79fb28
-
SHA512
64d079e1c3315cd77a018c6b998a5e9a86b45f11565dc00f4f6da737808aab9f5075ba6e96eb915940232333d8706703c80844eb7d86d0585b066bef5c899e12
-
SSDEEP
3072:CmwGb4OB7fOBUPH354yZqpQVGGRGyAiMeFNNiE7TE8pkkN2eJ1BMZbQX9nMs:CmlfB7zPpypQVGGR6IN3I8pky2kEg9n
Static task
static1
Behavioral task
behavioral1
Sample
119996da24b3935ec811bcd72583b6d1cd5205097265100c20a6ce773b79fb28.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
119996da24b3935ec811bcd72583b6d1cd5205097265100c20a6ce773b79fb28.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
SYSTEM
UtilityService.ignorelist.com:9696
UtilityService.ignorelist.com:1738
UtilityService.ignorelist.com:2269
SGFSHJFgkjdsfadfurgGW
-
delay
3
-
install
true
-
install_file
Boot Utility Service.exe
-
install_folder
%AppData%
Targets
-
-
Target
119996da24b3935ec811bcd72583b6d1cd5205097265100c20a6ce773b79fb28
-
Async RAT payload
-
Core1 .NET packer
Detects packer/loader used by .NET malware.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-