General
Target: SpyMax-4.0 Cracked+Activated_install.exe
Size: 104.1MB
Sample: 230218-qcaxlabf71
MD5: a7e39331cdf403335cf432aa36e3d3fc
SHA1: 60d5af5f01457932b061ac6fff52bd9bcfc18634
SHA256: bb7e1270658ab3596ebf0a1a9131b6cee5e6eba57a4b7ed112a7a2993339c3ea
SHA512: 7b4d127ee8294ab722aa4604690bd74715069d2557fc7c70740b1d26bd32a593ef8bf5dbcaee7cd5f182e2ba1577c808615b377db98b2c83d706c04df1514ea1
SSDEEP: 1572864:pUKdbtOBERw2YgkKrqSdNHpzeW4MDL908tVzYJajtOBERw6TTLjU2j+GJWvR/uTo:rd15kk4NQ908t24JvUwIo8Skd
Static task: static1
Malware Config
Extracted
asyncrat
1.0.7
Default
verynice.ddns.net:8848
DcRatMutex_qwqdanchun
delay: 1
install: true
install_file: WindowsDefender.exe
install_folder: %Temp%
Targets
Async RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE