General
- Target: 167BBD9058620CF4884372E3F322EEB0783C644ECE600.exe
- Size: 764KB
- Sample: 230226-yvebqsaa2y
- MD5: 281768a86aea4bf6f786eee1a12dbbf8
- SHA1: 152c1a5c097177f984e28360486c160b3c967f86
- SHA256: 167bbd9058620cf4884372e3f322eeb0783c644ece600f0eee356b29a1d0925c
- SHA512: f8bd5751ba22d801ef53a2f74fe3123b81e9b3564c1c0e530dd2e1921d79173e2233a1ce5bd091cdaa156175f1bb78cf80dfc7f578202c631e7db970c27f5dfd
- SSDEEP: 12288:erRsLGfhQYrgAupanwh7V3CmzlmYZ0FW0mEtJ:ICLGfhQIgAugnw9VBlmBpmEtJ
Static task: static1
Behavioral task: behavioral1
- Sample: 167BBD9058620CF4884372E3F322EEB0783C644ECE600.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 167BBD9058620CF4884372E3F322EEB0783C644ECE600.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: asyncrat 0.5.6D
- Default
- C2 hosts:
  milla.publicvm.com:6606
  milla.publicvm.com:7707
  milla.publicvm.com:8808
  seznam.zapto.org:6606
  seznam.zapto.org:7707
  seznam.zapto.org:8808
- wsqhardwkhsrdsfqi
- delay: 7
- install: true
- install_file: taskmengar.exe
- install_folder: %AppData%
Targets
- Target: 167BBD9058620CF4884372E3F322EEB0783C644ECE600.exe
- Size: 764KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL