General
Target: Odeme22323.exe
Size: 814KB
Sample: 230323-lmntzsgg2s
MD5: 5cb296788614c0cbd3c912d8d2fdca36
SHA1: ff9d0762b965ac37faa9f4c3cf9faaa0d1ec57ae
SHA256: a68850f869d5a33aeedeb894e6ab9c743d35be9da971dea04361664fc00cca18
SHA512: 5e4e918c13292f8bd4f349862a01e19dd03ae7e6f8a600c8a63b262c74584d1a1c4e2c4dd82402e4f0c4e8686ac110b217c2144af5df4709478b2960e177fe84
SSDEEP: 24576:wNA3R5drX2D7hXzwX4acpkEFhVesL0P6NuxLHb:p5ETpLA6NcLHb
Static task: static1
Behavioral task: behavioral1
Sample: Odeme22323.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Mnock
C2: mooroopecamroy.sytes.net:1452, mooroopecamroy.sytes.net:1432
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: crssi.exe
install_folder: %AppData%
Targets
Target: Odeme22323.exe
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext