General
- Target: Odeme22323_1.gz.zip
- Size: 693KB
- Sample: 230323-p1r1cahf2y
- MD5: d6d92cf3a689fabe90397b6621ab64b1
- SHA1: eba7a7708c0bb385700de6fa38dcef900255ce8e
- SHA256: 03249216f693b7eba0f38fa90c5d183dd61ce61a20f481c8973ebf271871e54a
- SHA512: 6e90b29a4bf72844693155ffba7e8159f6fa04463560a154fc42b8a9926450922b6abd7ac7b67498f13093b9aea4a2501b27c04a1923d380190c298bb5a2ccf2
- SSDEEP: 12288:2xR4g66m4iAtUelh02WzM4acp0lUIUHlS00fFBbt3FELcWliP6KqkWwp0ux7Hc:9gf/w2X4acp0mFlbM4L0P6nux7Hc
Static task: static1
Behavioral task: behavioral1
- Sample: Odeme22323.exe
- Resource: win7-20230220-en
Malware Config
Extracted: asyncrat
- Version: 0.5.7B
- Botnet: Mnock
- C2: mooroopecamroy.sytes.net:1452
- C2: mooroopecamroy.sytes.net:1432
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: crssi.exe
- install_folder: %AppData%
Targets
Target: Odeme22323.exe
- Size: 814KB
- MD5: 5cb296788614c0cbd3c912d8d2fdca36
- SHA1: ff9d0762b965ac37faa9f4c3cf9faaa0d1ec57ae
- SHA256: a68850f869d5a33aeedeb894e6ab9c743d35be9da971dea04361664fc00cca18
- SHA512: 5e4e918c13292f8bd4f349862a01e19dd03ae7e6f8a600c8a63b262c74584d1a1c4e2c4dd82402e4f0c4e8686ac110b217c2144af5df4709478b2960e177fe84
- SSDEEP: 24576:wNA3R5drX2D7hXzwX4acpkEFhVesL0P6NuxLHb:p5ETpLA6NcLHb
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext