General
-
Target
ExLoader_Installer.exe
-
Size
22.7MB
-
Sample
230312-sd3p4sgc6y
-
MD5
1984597d30e887628b90572a6357bba2
-
SHA1
29c97f38f52bab03f2eb88f4e064f84e427edc52
-
SHA256
46c7e32e60e27069b55a0699950d4924735e761900c4ad91a9ad8ffe8f30a0da
-
SHA512
ae7ab4a44b3546fd6b9a7b9d73e23b9d54bf6379cbba05376901899bdbd6af86dc60a00342261f7485cbb7fd9d6df244570b686c0cd6b9131819128d985be1c1
-
SSDEEP
393216:s8p+QAEKfrOudWlitro+V1UsfUous4fXi0m:tjArLtrV1Us4s4fX7
Static task
static1
Behavioral task
behavioral1
Sample
ExLoader_Installer.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
DcRatMutex_qwqdanchun
-
delay
71
-
install
true
-
install_file
csrss.exe
-
install_folder
%Temp%
-
pastebin_config
https://pastebin.com/raw/3Z9zi18j
Targets
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-