General
Target: ExLoader_Installer.exe
Size: 22.7MB
Sample: 230312-sepvmsgc61
MD5: 140af65d80b2207d27d06d615c26cf1b
SHA1: b8f2870f031557d2148a1815fe58bf80d4638ab1
SHA256: 8c10614f9a30ed7886e22cde541cd3e71a6ac2fd32723d55159d27fbbe8b510a
SHA512: 9a624e61ad361733c6f259452911d18223770225b4335f19094771f9fed511c53d813651b349a64dda16ede7c27b480036da03733dd708511fa8afa342635657
SSDEEP: 393216:ZoB0I1xT3gkcWP26cFqkjGfki8d4Rr0mekeO8vduCx:g3gPWP2S7446TP9
Static task: static1
Behavioral task: behavioral1
Sample: ExLoader_Installer.exe
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
1.0.7
Default
DcRatMutex_qwqdanchun
delay: 71
install: true
install_file: csrss.exe
install_folder: %Temp%
pastebin_config: https://pastebin.com/raw/3Z9zi18j
Targets
Target: ExLoader_Installer.exe

Async RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE