General
Target: AMAZON generator.exe
Size: 57KB
Sample: 230309-2kkbsaae96
MD5: aa52d9f511487792583a6e9eec56ff20
SHA1: 978dea41dbcc6815b4f1d8607374363611780a08
SHA256: 08cc1e008aa8af68c0e8c403c0ebc06a74d8a0a061d6e2c4a8a2b81bf84a1251
SHA512: bb308b4e53b5f4f2ba228fc4d359f93fccf1624a5ed1c05d90f5277c643e999b7626defe335756699f12e2f74e72ffdc31283a6bfb015dd483ccb1172aebcef1
SSDEEP: 1536:xu6cdTAu425IN33/3bAXLh7fbZqvd0v0UzD4:xu6ITAu42qN33/3bA97fbEvHUzD4
Behavioral task
behavioral1
Sample: AMAZON generator.exe
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: Gen.exe
install_folder: %AppData%
Targets
Async RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL