General
-
Target
83a1b442bf9761f33881468eb8be300e18c5c12691eb52681efee2c4c5842a06.zip
-
Size
183KB
-
Sample
230321-qphszaae32
-
MD5
d41faf87ee0b154732e1f9ed227fd58f
-
SHA1
71f8d4d1bcf244d37838392b54224009b0c63c94
-
SHA256
fbd57e5294d26fdc3a319da895d8537a83a84ed01f1492e9730dc7b3d6ee5f94
-
SHA512
1a883f770add7f4d30857c3249b7d336f266a6f5877a79c75308a358478011518aff4e5dcd8c3585bd6b47a59f89200dfdef4ab35abf0af88c5605485dc1839f
-
SSDEEP
3072:wScSme80EHGuDy5CG2XnEO7sAwS1qSfsLVbQaxxkcQzFxTABJRQ79h6IU1uXgRS:wScSmetyrc9KDqxoLABJy79szuXz
Static task
static1
Behavioral task
behavioral1
Sample
83a1b442bf9761f33881468eb8be300e18c5c12691eb52681efee2c4c5842a06.chm
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
- By Dimas Rodrigues
2023
clsuplementos.ddns.net:1110
clsuplementos.ddns.net:2220
clsuplementos.ddns.net:3330
clsuplementos.ddns.net:4440
clsuplementos.ddns.net:5550
clsuplementos.ddns.net:6660
clsuplementos.ddns.net:7770
clsuplementos.ddns.net:8880
clsuplementos.ddns.net:9990
handling.ddns.net:1110
handling.ddns.net:2220
handling.ddns.net:3330
handling.ddns.net:4440
handling.ddns.net:5550
handling.ddns.net:6660
handling.ddns.net:7770
handling.ddns.net:8880
handling.ddns.net:9990
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
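The configuration above only becomes useful once it is something a detection pipeline can match. The Python below is an added example, not part of the sandbox report or of AsyncRAT itself: it expands the config into the full set of C2 endpoints (each host paired with each port), then pivots through DNS answers to flag connections to whichever addresses the dynamic-DNS names resolved to, and reports the interval between repeated hits from the same client. The log format, timestamps and IP addresses are constructed for the example.

```python
# Added example, not part of the sandbox report or of AsyncRAT: turn the
# extracted configuration into an indicator set and match it against logs.
import re
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Values copied from the "Malware Config" section of the report.
ASYNCRAT_CONFIG: Dict = {
    "hosts": ["clsuplementos.ddns.net", "handling.ddns.net"],
    "ports": [1110, 2220, 3330, 4440, 5550, 6660, 7770, 8880, 9990],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}


def c2_endpoints(cfg: Dict) -> Set[Tuple[str, int]]:
    """Every host:port pair the implant may try: each host paired with each port."""
    return {(host, port) for host in cfg["hosts"] for port in cfg["ports"]}


# Constructed log lines (not from the sandbox run), in a simple whitespace-
# separated format: DNS answers seen by the resolver and TCP connections.
SAMPLE_LOG = """\
2023-03-21T14:02:11Z dns 10.0.0.5 query=clsuplementos.ddns.net answer=203.0.113.7
2023-03-21T14:02:11Z dns 10.0.0.5 query=update.example.net answer=198.51.100.9
2023-03-21T14:02:14Z conn 10.0.0.5 -> 203.0.113.7:3330 tcp
2023-03-21T14:02:15Z conn 10.0.0.5 -> 198.51.100.9:443 tcp
2023-03-21T14:02:17Z conn 10.0.0.5 -> 203.0.113.7:3330 tcp
2023-03-21T14:03:02Z conn 10.0.0.6 -> 203.0.113.7:8080 tcp
"""

DNS_RE = re.compile(r"^(?P<ts>\S+) dns (?P<client>\S+) query=(?P<name>\S+) answer=(?P<ip>\S+)$")
CONN_RE = re.compile(r"^(?P<ts>\S+) conn (?P<client>\S+) -> (?P<dst>\S+):(?P<port>\d+) (?P<proto>\S+)$")


def find_c2_connections(log_text: str, cfg: Dict) -> List[Dict]:
    """Flag connections to the C2 hosts on a configured port.

    Connection logs carry IPs, not names, and ddns.net names change address,
    so the C2 hostnames are first mapped to the IPs they resolved to in the
    same log, and only connections to those IPs on a configured port count.
    """
    hosts = {h.lower() for h in cfg["hosts"]}
    ports = set(cfg["ports"])
    resolved: Dict[str, str] = {}  # ip -> C2 hostname it was answered for
    hits: List[Dict] = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m:
            name = m["name"].lower().rstrip(".")
            if name in hosts:
                resolved[m["ip"]] = name
            continue
        m = CONN_RE.match(line)
        if m and m["dst"] in resolved and int(m["port"]) in ports:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "dst": m["dst"],
                "port": int(m["port"]),
                "c2_host": resolved[m["dst"]],
            })
    return hits


def reconnect_gaps(hits: List[Dict]) -> Dict[str, List[int]]:
    """Seconds between consecutive flagged connections, per client.

    AsyncRAT keeps reconnecting, so a client that repeatedly reaches a
    configured host:port at short, regular intervals is the pattern to
    look for even when a single connection would be dismissed.
    """
    by_client: Dict[str, List[datetime]] = {}
    for h in hits:
        ts = datetime.strptime(h["ts"], "%Y-%m-%dT%H:%M:%SZ")
        by_client.setdefault(h["client"], []).append(ts)
    return {
        client: [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        for client, times in by_client.items()
    }


if __name__ == "__main__":
    found = find_c2_connections(SAMPLE_LOG, ASYNCRAT_CONFIG)
    for hit in found:
        print(f"{hit['ts']} {hit['client']} -> {hit['dst']}:{hit['port']} ({hit['c2_host']})")
    print("reconnect gaps (s):", reconnect_gaps(found))
```

The mutex AsyncMutex_6SI8OkPnk is AsyncRAT's default value, so it identifies the family rather than this operator; the two ddns.net hostnames are the operator-specific indicators, and because they are dynamic DNS the resolved addresses will change, which is why the matcher pivots through DNS answers instead of carrying a static IP list. Read the remaining fields together: with install set to false the implant is not expected to copy itself into the %AppData% folder named by install_folder, so persistence artifacts may be absent from this run even though the C2 traffic is present.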
Targets
-
Target
83a1b442bf9761f33881468eb8be300e18c5c12691eb52681efee2c4c5842a06.chm
-
Size
190KB
-
MD5
9d9a0a119044c6a83d533a1941bb64c5
-
SHA1
279387ccf49c5f71c99f8b89b333be4a70f6cab6
-
SHA256
83a1b442bf9761f33881468eb8be300e18c5c12691eb52681efee2c4c5842a06
-
SHA512
31c4edbcff416df4cada81dbd1e3bdc752cb8a74c837787feba01d9e93e00970b15efac6bf70548b8ba1811cf7e7522bbd64cfe0572d5619759b8069b5b399b2
-
SSDEEP
3072:Xg4C8YLEo5xuIvDocDWjc/pgDXQgKpacezvRBDobwrArHMp1G6/AirUIKX6MA:XpYIW0UY8pTxp/mjmqArYRQIKX5A
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Suspicious use of SetThreadContext