General
Target: test.bat
Size: 48KB
Sample: 230201-24e66sfa5w
MD5: 106c27af68b78b8670267a5eebfc8040
SHA1: a2bbfb23b51cb1f2bb213dfe410601bc7fa53875
SHA256: 037565e9535d9521ad3ab3cfef0e6e91cad24b8e1cab83af7949dae67d95fb5c
SHA512: 7de6b4f739f209c11cadee9360d5cb799b77bc5d4083b706a4d9bc21f501bb45e218715dbca6cd61811458b0efd190dba06dc04141650a48d91a305abf8e4600
SSDEEP: 768:0oEB9ZEYgBM1D1gozT1RjnAKRc1pU9/gnEiCsfhh8pRA9buJsgsSxQ:jErqY7coz0JagnEtqh8pYbFgsSxQ
Static task: static1
Behavioral task: behavioral1
  Sample: test.bat
  Resource: win10-20220901-en
Behavioral task: behavioral2
  Sample: test.bat
  Resource: win7-20221111-en
Malware Config
Extracted: asyncrat 0.5.7B
Default
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: test.bat
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.