General

Target: 1764-55-0x0000000000310000-0x0000000000322000-memory.dmp
Size: 72KB
Sample: 230225-dt53vabh79
MD5: 4b896ef306249d7eb479adb37924d6db
SHA1: 19e789c4f4641b5f83187e43d43476cabc8aab0a
SHA256: d138cf95fecb1da6a714f3560c560ad913f883fb0cfc4a69ca03075c5c9b1033
SHA512: d88cb2342ce2094318a5f5a04928a79892ffbe20acc8cbaaba03e85e27ab9a5d0a6de0ef49709750a26b3fd13b38aaed94ebb061b6207b654e0b8d54c1fda2aa
SSDEEP: 1536:sonBMEFoAUVebWrSXsCl4etfKrBKmVcl:sonBMEFTUVebWosQYlK8Y
Behavioral task

behavioral1
Sample: 1764-55-0x0000000000310000-0x0000000000322000-memory.exe
Resource: win7-20230220-en

Malware Config

Extracted
Family: asyncrat
Version: 0.5.6D
Botnet: Default
C2:
seznam.zapto.org:6606
seznam.zapto.org:7707
seznam.zapto.org:8808
milla.publicvm.com:6606
milla.publicvm.com:7707
milla.publicvm.com:8808
Mutex: ghbhdythetsqq
delay: 6
install: true
install_file: atlsas.exe
install_folder: %AppData%
Targets

Target: 1764-55-0x0000000000310000-0x0000000000322000-memory.dmp
Size: 72KB
MD5: 4b896ef306249d7eb479adb37924d6db
SHA1: 19e789c4f4641b5f83187e43d43476cabc8aab0a
SHA256: d138cf95fecb1da6a714f3560c560ad913f883fb0cfc4a69ca03075c5c9b1033
SHA512: d88cb2342ce2094318a5f5a04928a79892ffbe20acc8cbaaba03e85e27ab9a5d0a6de0ef49709750a26b3fd13b38aaed94ebb061b6207b654e0b8d54c1fda2aa
SSDEEP: 1536:sonBMEFoAUVebWrSXsCl4etfKrBKmVcl:sonBMEFTUVebWosQYlK8Y

Signatures
- Async RAT payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE