General
- Target: 123.exe
- Size: 165KB
- Sample: 230323-m1g42afb49
- MD5: 85e184f78890926b234f00e849f784a5
- SHA1: b4b29e2e1c783ca42d4619b5c403590a1a213d2e
- SHA256: f8c1d4136081e19fba8ea2c9ba40487a65e5a338997116fda7b4845cb5138990
- SHA512: 0a5040c43e2a65c33e54d3547ebc6b7ee853f46359752b8693757c4cf54520c2cd357b575c2bdc04cc378da4e1ae847005db95f674ba175fe23227760c738f75
- SSDEEP: 3072:iEBMe85qktJGThMsYMkHwl5cAOVw28lNb7fexY/Mhs6kO:iEB5857MThzYM8wl5cDKH7UYEl
Static task: static1
Behavioral task: behavioral1
- Sample: 123.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 123.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Protocol: ftp
- Host: 45.151.135.235
- Port: 21
- Username: 123
- Password: 123
Extracted
- asyncrat
- 61.160.213.14:8848
- xihongshi
- delay: 1
- install: false
- install_folder: %AppData%
Targets
- Target: 123.exe
- Async RAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.