General
- Target: d8270b3ab372ed508c56f10846ee64a9d7e8040699e311eac38dba2069fb74a5
- Size: 1.5MB
- Sample: 230227-hhehzacb94
- MD5: 243f4d7d56da6f9f03a0ad8953722a7b
- SHA1: 0acec5042e9a9fec184ee0dfb9fcd6067fd03f6e
- SHA256: d8270b3ab372ed508c56f10846ee64a9d7e8040699e311eac38dba2069fb74a5
- SHA512: da9f261d2b462d7412d8999f560bd55629e5bbd512a11e461ffc1046233c5d6fe80e464ac5483e73e52e0207563bfe06fb8bf3659f14e2ce4d0008ce96c77ef6
- SSDEEP: 12288:pfW2rQeoEBPLZHAWjqQ3xnhV16rT1tGdXC:pfRVfZgWzxnhLa1tSXC
Static task
- static1
Behavioral task
- behavioral1
  - Sample: d8270b3ab372ed508c56f10846ee64a9d7e8040699e311eac38dba2069fb74a5.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: d8270b3ab372ed508c56f10846ee64a9d7e8040699e311eac38dba2069fb74a5.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.6D
- Botnet: Default
- C2:
  - seznam.zapto.org:6606
  - seznam.zapto.org:7707
  - seznam.zapto.org:8808
  - milla.publicvm.com:6606
  - milla.publicvm.com:7707
  - milla.publicvm.com:8808
- Mutex: tibhzadmqmdah
- Attributes:
  - delay: 4
  - install: true
  - install_file: sezneml.exe
  - install_folder: %AppData%
Targets
- Target: d8270b3ab372ed508c56f10846ee64a9d7e8040699e311eac38dba2069fb74a5
  - Size: 1.5MB
  - MD5: 243f4d7d56da6f9f03a0ad8953722a7b
  - SHA1: 0acec5042e9a9fec184ee0dfb9fcd6067fd03f6e
  - SHA256: d8270b3ab372ed508c56f10846ee64a9d7e8040699e311eac38dba2069fb74a5
  - SHA512: da9f261d2b462d7412d8999f560bd55629e5bbd512a11e461ffc1046233c5d6fe80e464ac5483e73e52e0207563bfe06fb8bf3659f14e2ce4d0008ce96c77ef6
  - SSDEEP: 12288:pfW2rQeoEBPLZHAWjqQ3xnhV16rT1tGdXC:pfRVfZgWzxnhLa1tSXC
  - Async RAT payload
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL