General
Target: iFYEJ.exe
Size: 2.5MB
Sample: 230208-xggdhadg2x
MD5: acfe53c70928d44f9cf498495145ec84
SHA1: 2a12b327d4e5628904cc25c5f134732d6265e662
SHA256: b706de1b9f7ef2d7f6c4d5fddd9525d907a7a0fdb087d98c4a01589f6178edc7
SHA512: 345143bcc9895282d2843efee182eb07bc0d0179c0c1e6ffcdd7ff9f1d44c252ffccb1b56c2b48c70b554f3427f6a1c23a6ea6b1c9e76edcbe655e88e247741c
SSDEEP: 49152:Gg8nNv+SzYW4ZOUB5hempuE8OOTRmgysj8k4:Gg8h14

Static task: static1
Behavioral task: behavioral1
Sample: iFYEJ.exe
Resource: win7-20221111-en

Malware Config (Extracted)
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 89.117.21.143:6606, 89.117.21.143:7707, 89.117.21.143:8808
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: false
- install_folder: %AppData%
Targets
Target: iFYEJ.exe (2.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext