General
Target: Odeme3222023.scr.exe (payment-themed lure name: "ödeme" is Turkish for "payment", and the .scr.exe double extension is typical of such lures)
Size: 635KB
Sample: 230322-xn8rbsag57
MD5: 02e24e9cfe0669ac85121b1b35f7a942
SHA1: 0acb91424c9e6329b0966177cc5541f0bb2c4908
SHA256: 7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
SHA512: cc697818469e535cdb3d9470bb25d38f8d845d668d50e72b61911bd561d94ffff5e04448fda4537bba28fb5666345b1fc748b1f80443c54bac6ca191df4de013
SSDEEP: 12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD
Static task: static1
Behavioral task: behavioral1
Sample: Odeme3222023.scr.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Mnock
C2: mooroopecamroy.sytes.net:1452
C2: mooroopecamroy.sytes.net:1432
Mutex: AsyncMutex_6SI8OkPnk (the mutex the AsyncRAT builder ships by default, so it identifies the family rather than this particular campaign)
delay: 3
install: true
install_file: crssi.exe
install_folder: %AppData%
With install set to true, the client copies itself to %AppData%\crssi.exe and runs from there. The C2 is a dynamic-DNS hostname (sytes.net) contacted on two ports, so alert on or block the hostname rather than a single resolved IP.
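The config above is only useful once it is turned into something a detection pipeline can match. The following is an added example, not part of the sandbox report or of any AsyncRAT tooling: it takes the extracted values as a dict, derives host and network indicators from them, and runs those over a few constructed telemetry lines. The line format (an event type followed by Key="value" pairs, loosely modelled on Sysmon) and the mapping of %AppData% to C:\Users\<user>\AppData\Roaming are assumptions made for the snippet.

```python
"""Turn the AsyncRAT config extracted in this report into host/network
indicators and run them over sample endpoint telemetry.

Added example, not part of the sandbox report.  The log lines below are
constructed for illustration; the field names loosely follow Sysmon, but the
line format itself is an assumption made for this snippet."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Values copied from the report's "Malware Config" section.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "botnet": "Mnock",
    "c2": ["mooroopecamroy.sytes.net:1452", "mooroopecamroy.sytes.net:1432"],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": True,
    "install_file": "crssi.exe",
    "install_folder": "%AppData%",
}

# AsyncMutex_6SI8OkPnk is the mutex the AsyncRAT builder ships by default, so
# it identifies the family, not this particular campaign.
DEFAULT_MUTEXES = {"AsyncMutex_6SI8OkPnk"}


def expand_env(folder: str) -> str:
    """Map the %AppData% token to the path prefix seen in process telemetry,
    leaving the user name as a '*' wildcard (assumed default profile layout)."""
    return folder.replace("%AppData%", r"C:\Users\*\AppData\Roaming")


@dataclass
class Indicators:
    c2_hosts: set = field(default_factory=set)
    c2_ports: set = field(default_factory=set)
    install_path_re: Optional[re.Pattern] = None
    mutex: str = ""
    mutex_is_default: bool = False


def build_indicators(cfg: dict) -> Indicators:
    """Derive matchable indicators from the extracted config."""
    ind = Indicators()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        ind.c2_hosts.add(host.lower())
        ind.c2_ports.add(int(port))
    if cfg.get("install"):
        path = expand_env(cfg["install_folder"]) + "\\" + cfg["install_file"]
        # Escape the literal path, then turn the user-name wildcard back into
        # "one path component" and anchor at the end of the Image field.
        pattern = re.escape(path).replace(r"\*", r"[^\\]+") + "$"
        ind.install_path_re = re.compile(pattern, re.IGNORECASE)
    ind.mutex = cfg["mutex"]
    ind.mutex_is_default = cfg["mutex"] in DEFAULT_MUTEXES
    return ind


FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def scan(lines, ind: Indicators):
    """Return (reason, line) pairs for telemetry lines that match an indicator.
    Each line is '<EventType> Key="value" Key="value" ...'."""
    hits = []
    for line in lines:
        kind, _, rest = line.partition(" ")
        f = dict(FIELD_RE.findall(rest))
        if kind == "ProcessCreate" and ind.install_path_re and \
                ind.install_path_re.search(f.get("Image", "")):
            hits.append(("install_path", line))
        elif kind == "DnsQuery" and f.get("QueryName", "").lower() in ind.c2_hosts:
            hits.append(("c2_dns", line))
        elif kind == "NetworkConnect" and \
                f.get("DestinationHostname", "").lower() in ind.c2_hosts:
            port = int(f.get("DestinationPort") or 0)
            reason = "c2_connect" if port in ind.c2_ports else "c2_host_other_port"
            hits.append((reason, line))
    return hits


# Constructed sample telemetry: three lines that should match, two that should not.
SAMPLE_LOG = [
    'ProcessCreate Image="C:\\Users\\alice\\AppData\\Roaming\\crssi.exe" '
    'ParentImage="C:\\Users\\alice\\Downloads\\Odeme3222023.scr.exe"',
    'DnsQuery Image="C:\\Users\\alice\\AppData\\Roaming\\crssi.exe" '
    'QueryName="mooroopecamroy.sytes.net"',
    'NetworkConnect Image="C:\\Users\\alice\\AppData\\Roaming\\crssi.exe" '
    'DestinationHostname="mooroopecamroy.sytes.net" DestinationPort="1452"',
    # Same file name in a different folder: not the install path from the config.
    'ProcessCreate Image="C:\\Program Files\\Contoso\\crssi.exe" '
    'ParentImage="C:\\Windows\\explorer.exe"',
    'DnsQuery Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    'QueryName="example.org"',
]

if __name__ == "__main__":
    indicators = build_indicators(CONFIG)
    print("mutex:", indicators.mutex, "(builder default)" if indicators.mutex_is_default else "")
    for reason, line in scan(SAMPLE_LOG, indicators):
        print(f"{reason:20} {line}")
```

The install path is matched on the full folder, not just the file name, so a legitimately named crssi.exe elsewhere does not fire; the C2 match is on the hostname, with the port only deciding between a high-confidence and a lower-confidence reason, because a dynamic-DNS host can move IPs and ports between sandbox run and live traffic.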
Targets
Target: Odeme3222023.scr.exe (the same 635KB file listed under General; hashes as above)
Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. If it is one, the sample may behave differently when detonated under a locale other than the English-language Windows 7 image used here.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext: typical of process hollowing or other thread-context-based injection; the report does not name the process written to.