General
Target: test.exe
Size: 48KB
Sample: 230221-h154msfg9w
MD5: 6f0ed93c651caa271d6893a9a7b5f0d3
SHA1: b5ea955a9de7ded9b97a8f4f18730a22bcd5a730
SHA256: a24df2806da3c88a599b28c98238cef75059e1209ba3a4aeeb2067f2d8f867da
SHA512: 5808c1179b8dc6ebae6e16077320f814e5822208d010e8732d72c6bb2b0bf956f47820801ab76ece80af509663746c5efa70b7e635a62e69fab12046570df601
SSDEEP: 768:hCFs7ILCCOO+bidtelDSN+iV08YbygecgR6ut3vEgK/JWkeVc6KN:hyKCdtKDs4zb1MRjnkJ1eVclN
Behavioral task
behavioral1
Sample
test.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
secdb.duckdns.org:58811
99e96ed5-78e9-4163-9f05-290f5adba3bb
delay: 1
install: true
install_file: FodHelper.exe
install_folder: %AppData%
Targets
-
-
Target
test.exe
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-