General
Target: test.exe
Size: 2.9MB
Sample: 230311-yml2lsbb27
MD5: 500151e7dc0acc7fda0cd4d3870ecacd
SHA1: 4a634975feb1c3adf814cfb0ff5dfcf75ad5dfdf
SHA256: 01035e3da31903105da034556332fdb5e12b1b73d3bdd743c53dda86b1a02f2f
SHA512: 6b082b7111bef5fec0193da473ff766b6ecc1b71fe985d2728354bb11ef948f4a6200849b1d9f98746c30783fe58e1d4f68c57f496d391ee43a963e926b42da5
SSDEEP: 49152:RDwZ5Z54M/4rYHU50V5tT3Eo2dhlYbAoxrYYHX7iWd7r9adMu:iZB4i4rF2Yo2dhExrhHLBd7rqMu

Behavioral task: behavioral1
Sample: test.exe
Resource: win7-20230220-en

Malware Config
Extracted family: asyncrat
Version: 1.0.7
Botnet: Default
C2: coolmaneurokoolcom-26401.portmap.host:26401
Mutex: DcRatMutex_qwqdanchun
Attributes:
  delay: 1
  install: true
  install_file: ABDJCM.exe
  install_folder: %AppData%
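The extracted config is directly usable for detection: install_folder plus install_file is where the client copies itself, the C2 entry is host:port, and delay is the number of seconds the client sleeps before starting. The script below is an added example, not part of the sandbox report and not the RAT family's own code: it derives host and network indicators from the config fields exactly as listed and matches them against a few constructed Sysmon-style event records. The event field names, the path used to expand %AppData% (ENV_ON_HOST) and the SAMPLE_EVENTS list are assumptions made for this illustration.

```python
"""Added example (not part of the sandbox report): derive indicators from the
extracted AsyncRAT config and match them against constructed Sysmon-style
events.  Event field names, the AppData expansion and SAMPLE_EVENTS are
assumptions made for this illustration."""

# Values copied from the extracted config in the report above.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "1.0.7",
    "botnet": "Default",
    "c2": ["coolmaneurokoolcom-26401.portmap.host:26401"],
    "mutex": "DcRatMutex_qwqdanchun",
    "delay": "1",              # seconds the client sleeps before starting
    "install": "true",
    "install_file": "ABDJCM.exe",
    "install_folder": "%AppData%",
}

# Assumption: how %AppData% resolves for the user the sample ran as.
ENV_ON_HOST = {"%AppData%": r"C:\Users\Admin\AppData\Roaming"}

# Constructed Sysmon-style records (EventID 1 = process create, 3 = network).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\Admin\AppData\Roaming\ABDJCM.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 3, "Image": r"C:\Users\Admin\AppData\Roaming\ABDJCM.exe",
     "DestinationHostname": "coolmaneurokoolcom-26401.portmap.host",
     "DestinationPort": 26401},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]


def expand_env(path: str, env: dict) -> str:
    """Expand %VAR% placeholders using the supplied (assumed) environment."""
    for var, value in env.items():
        path = path.replace(var, value)
    return path


def derive_indicators(cfg: dict, env: dict) -> dict:
    """Turn config fields into comparable indicators (paths lower-cased)."""
    c2 = set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2.add((host.lower(), int(port)))
    install_path = None
    if cfg.get("install", "false").lower() == "true":
        # install_folder\install_file is where the client copies itself.
        install_path = expand_env(cfg["install_folder"], env) + "\\" + cfg["install_file"]
    return {
        "install_path": install_path.lower() if install_path else None,
        "install_file": cfg["install_file"].lower(),
        "mutex": cfg["mutex"],      # visible via handle enumeration/memory, not Sysmon
        "c2": c2,
        "delay_seconds": int(cfg.get("delay", "0")),
    }


def match_events(events: list, ind: dict) -> list:
    """Return (label, event) pairs for events that hit an indicator."""
    hits = []
    for ev in events:
        image = ev.get("Image", "").lower()
        if ev.get("EventID") == 1:
            if ind["install_path"] and image == ind["install_path"]:
                hits.append(("install_path_executed", ev))
            elif image.rpartition("\\")[2] == ind["install_file"]:
                hits.append(("install_file_name_seen", ev))   # weaker: name only
        elif ev.get("EventID") == 3:
            dest = (ev.get("DestinationHostname", "").lower(),
                    int(ev.get("DestinationPort", 0)))
            if dest in ind["c2"]:
                hits.append(("c2_connection", ev))
    return hits


if __name__ == "__main__":
    indicators = derive_indicators(EXTRACTED_CONFIG, ENV_ON_HOST)
    for label, event in match_events(SAMPLE_EVENTS, indicators):
        print(label, event["Image"])
```

Two caveats when turning this into production detections. The C2 is a subdomain of portmap.host, a port-forwarding service, so the hostname is a usable indicator but the address it resolves to is shared infrastructure and should be pivoted on rather than blocked on its own. The mutex name is the default shipped with DcRat builds, an AsyncRAT derivative, which is why samples like this one get either family label depending on the tool; it is only observable through handle enumeration or memory, so the script carries it as a hint rather than matching it against Sysmon events.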
Targets
Target: test.exe
Size: 2.9MB
Signatures
- Async RAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
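The three environment checks in the signature list (VirtualBox ACPI OEM IDs, BIOS strings, and the configured country) all read the registry, so an analysis VM can be audited for what this sample will see before it is detonated. The script below is an added example, not the sample's code and not the sandbox's signature logic: it applies those checks to a registry snapshot, and collect_snapshot() reads the same keys live with winreg on Windows. The registry paths are the standard locations for these values; the VM_MARKERS list, both embedded snapshots and the small GeoID table are assumptions constructed for this illustration, and the page does not say which countries the sample fences, so the script only decodes the configured country and leaves that judgement to the analyst.

```python
"""Added example (not the sample's code and not the sandbox's signature logic):
audit what the three registry-based checks above will see on an analysis VM.
REG_PATHS are the standard locations; VM_MARKERS, GEOID_NAMES and both
snapshots are assumptions constructed for this illustration."""

REG_PATHS = (
    r"HKLM\HARDWARE\ACPI\DSDT",                 # subkey name is the ACPI OEM ID
    r"HKLM\HARDWARE\ACPI\FADT",
    r"HKLM\HARDWARE\ACPI\RSDT",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",   # SystemManufacturer, BIOSVendor, ...
    r"HKLM\HARDWARE\DESCRIPTION\System",        # SystemBiosVersion, VideoBiosVersion
    r"HKCU\Control Panel\International\Geo",    # Nation = GeoID of configured country
)

# Assumption: substrings that give away a hypervisor in BIOS strings.
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs", "xen")

# Subset of Windows GeoIDs; the report does not say which countries are fenced.
GEOID_NAMES = {"244": "United States", "203": "Russia", "241": "Ukraine", "29": "Belarus"}

# Constructed snapshot of a stock VirtualBox guest.
VBOX_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"], "values": {}},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["VBOX__"], "values": {}},
    r"HKLM\HARDWARE\ACPI\RSDT": {"subkeys": ["VBOX__"], "values": {}},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"subkeys": [], "values": {
        "SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
        "BIOSVendor": "innotek GmbH", "BIOSVersion": "VirtualBox"}},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"subkeys": [], "values": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox VBE Adapter"]}},
    r"HKCU\Control Panel\International\Geo": {"subkeys": [], "values": {"Nation": "244"}},
}

# Constructed snapshot after the guest is made to look like vendor hardware.
HARDENED_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["DELL"], "values": {}},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["DELL"], "values": {}},
    r"HKLM\HARDWARE\ACPI\RSDT": {"subkeys": ["DELL"], "values": {}},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"subkeys": [], "values": {
        "SystemManufacturer": "Dell Inc.", "SystemProductName": "OptiPlex 7090",
        "BIOSVendor": "Dell Inc.", "BIOSVersion": "1.4.2"}},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"subkeys": [], "values": {
        "SystemBiosVersion": ["DELL   - 1"], "VideoBiosVersion": ["Intel Video BIOS"]}},
    r"HKCU\Control Panel\International\Geo": {"subkeys": [], "values": {"Nation": "244"}},
}


def evaluate_environment(snap: dict) -> dict:
    """Apply the three checks the signatures describe to a registry snapshot."""
    findings = []
    for table in ("DSDT", "FADT", "RSDT"):
        for oem in snap.get("HKLM\\HARDWARE\\ACPI\\" + table, {}).get("subkeys", []):
            if "vbox" in oem.lower():
                findings.append(f"ACPI {table} OEM ID {oem!r} identifies VirtualBox")
    bios = snap.get(r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", {}).get("values", {})
    system = snap.get(r"HKLM\HARDWARE\DESCRIPTION\System", {}).get("values", {})
    for name, value in {**bios, **system}.items():
        text = " ".join(value) if isinstance(value, list) else str(value)  # REG_MULTI_SZ
        marker = next((m for m in VM_MARKERS if m in text.lower()), None)
        if marker:
            findings.append(f"BIOS value {name}={text!r} contains {marker!r}")
    nation = snap.get(r"HKCU\Control Panel\International\Geo", {}).get("values", {}).get("Nation")
    return {"vm_indicators": findings, "geo_nation": nation,
            "geo_name": GEOID_NAMES.get(nation, "unknown")}


def collect_snapshot() -> dict:
    """Read REG_PATHS from the live registry; Windows only (uses winreg)."""
    import winreg  # imported here so the module still loads on other platforms
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for path in REG_PATHS:
        root, _, sub = path.partition("\\")
        entry = {"subkeys": [], "values": {}}
        try:
            with winreg.OpenKey(roots[root], sub) as key:
                i = 0
                while True:                  # EnumKey raises OSError when exhausted
                    try:
                        entry["subkeys"].append(winreg.EnumKey(key, i))
                    except OSError:
                        break
                    i += 1
                i = 0
                while True:                  # EnumValue likewise
                    try:
                        name, data, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    entry["values"][name] = data
                    i += 1
        except OSError:
            continue                         # key absent on this host
        snap[path] = entry
    return snap


if __name__ == "__main__":
    import sys
    snap = collect_snapshot() if sys.platform == "win32" else VBOX_SNAPSHOT
    result = evaluate_environment(snap)
    for line in result["vm_indicators"]:
        print(line)
    print("configured country:", result["geo_nation"], result["geo_name"])
```

Run on the analysis VM itself, an empty vm_indicators list means the registry-based checks above have nothing to key on; the ThreadHideFromDebugger call is a separate concern that this audit does not cover, since it targets an attached debugger rather than the environment.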