General
Target: e57213cd46e7e86a091b28a16a75ff63.bin
Size: 529KB
Sample: 230321-cc2tesad2w
MD5: 649d32849c25ba79710a4edbf2dc9ffc
SHA1: 2b209f4104e5b6bb1cf07076b5fef17fe55d3292
SHA256: be67d4edeb38b4111ab9fe65993cc6b83583f71183276581a2028784f94835f7
SHA512: 56c063fd4bdee219b1ae4a3cb1104054801dd21a28b25ce23771421e8be642ae816ea3fd652b5e80d9e3c3f182df91d82806aa644dea4c0738395dab8450ce0f
SSDEEP: 12288:YSIDz4dreFJeELjBpVgaPxN/abz02An6XVNiVgN3dTBON0:D5eFJeE3BpCaPxhabVAAUq3Zx
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 1c0a8ab60132cd737b83b2c9b502dfb2d5e3cf14174cc84e422ca1d19277202b.exe
  Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Mnock
C2: mooroopecamroy.sytes.net:1452
C2: mooroopecamroy.sytes.net:1432
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: crssi.exe
install_folder: %AppData%
Targets
Target: 1c0a8ab60132cd737b83b2c9b502dfb2d5e3cf14174cc84e422ca1d19277202b.exe
Size: 649KB
MD5: e57213cd46e7e86a091b28a16a75ff63
SHA1: 530fc3194363f8aa63559a88f896aad76fdf2eda
SHA256: 1c0a8ab60132cd737b83b2c9b502dfb2d5e3cf14174cc84e422ca1d19277202b
SHA512: 285bea0686ee38221907a42bb97e3c4ab3eaf9a7b1e6ac4e352e1e1de6232e79a3662705c65e895a7a0779fc4c1d1477d90d94fe0e12cb7963737f6d2c644d05
SSDEEP: 12288:NcrNS33L10QdrXjcDnFGUlwKjykzxvsULnXhzl4uZBKhmjleQKetoaLm/:wNA3R5drXoDFH9jdFz7xzCwKWlBtoaL4
Signatures
Async RAT payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
  Consistent with the extracted config (install: true, install_file: crssi.exe, install_folder: %AppData%): the sample writes a copy of itself to disk and runs it.
Suspicious use of SetThreadContext
  SetThreadContext rewrites a thread's register state, including its entry point; outside debuggers it is a common step in process hollowing and other process-injection techniques.
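Added example, not part of the sandbox report: the Python below turns the AsyncRAT configuration extracted above into host and network indicators (install path, mutex, C2 host:port pairs) and runs them over Sysmon-style process-creation and network-connection events. The events, the victim user name and the benign entries are constructed for the example, not data from the sandbox run; the mapping of %AppData% to \AppData\Roaming assumes a default Windows profile layout.

```python
"""Added example (not part of the sandbox report): turn the AsyncRAT config
extracted above into indicators and match them against log events."""
import re
from typing import Dict, List, Tuple

# Values copied from the report's "Malware Config" section.
ASYNCRAT_CONFIG: Dict[str, object] = {
    "version": "0.5.7B",
    "group": "Mnock",
    "c2": ["mooroopecamroy.sytes.net:1452", "mooroopecamroy.sytes.net:1432"],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": True,
    "install_file": "crssi.exe",
    "install_folder": "%AppData%",
}

# Assumption: %AppData% is <profile>\AppData\Roaming on a default Windows
# layout. The victim user name is unknown, so indicators match on the suffix.
ENV_SUFFIX = {"%AppData%": r"\AppData\Roaming"}


def c2_endpoints(cfg: Dict[str, object]) -> List[Tuple[str, int]]:
    """Split each 'host:port' C2 string into a (host, port) pair."""
    pairs = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        pairs.append((host.lower(), int(port)))
    return pairs


def install_path_regex(cfg: Dict[str, object]) -> "re.Pattern[str]":
    """Case-insensitive regex for the dropped copy, e.g. ...\\AppData\\Roaming\\crssi.exe."""
    suffix = ENV_SUFFIX.get(str(cfg["install_folder"]), "")
    tail = suffix + "\\" + str(cfg["install_file"])
    return re.compile(re.escape(tail) + r"$", re.IGNORECASE)


def indicators(cfg: Dict[str, object]) -> Dict[str, object]:
    """Host and network indicators a hunter would export from this config."""
    return {
        "install_path": str(cfg["install_folder"]) + "\\" + str(cfg["install_file"]),
        "mutex": cfg["mutex"],
        "c2": c2_endpoints(cfg),
    }


def match_events(cfg: Dict[str, object], events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Return (event index, reason) for Sysmon-style events that fit the config.

    EventID 1 = process creation, EventID 3 = network connection.
    """
    path_re = install_path_regex(cfg)
    c2 = set(c2_endpoints(cfg))
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        if ev.get("EventID") == "1" and path_re.search(ev.get("Image", "")):
            hits.append((i, "process start from AsyncRAT install path"))
        elif ev.get("EventID") == "3":
            dest = (ev.get("DestinationHostname", "").lower(), int(ev.get("DestinationPort", "0")))
            if dest in c2:
                hits.append((i, "connection to AsyncRAT C2 %s:%d" % dest))
    return hits


# Constructed events (not from the sandbox run): the dropped copy starting,
# a beacon to the configured C2, and two benign events that must not match.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "Image": r"C:\Users\alice\AppData\Roaming\crssi.exe"},
    {"EventID": "3", "Image": r"C:\Users\alice\AppData\Roaming\crssi.exe",
     "DestinationHostname": "mooroopecamroy.sytes.net", "DestinationPort": "1452"},
    {"EventID": "1", "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": "3", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.org", "DestinationPort": "443"},
]

if __name__ == "__main__":
    print(indicators(ASYNCRAT_CONFIG))
    for idx, reason in match_events(ASYNCRAT_CONFIG, SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

The install-path match is anchored on the path suffix rather than a full path because the user name differs per host; the C2 match keys on host and port because the sample carries two ports for the same dynamic-DNS hostname, and a hit on either is meaningful. The mutex is exported for handle or memory scans, since process-creation and network logs do not record it.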