General

Target: Odeme3222023.gz.zip
Size: 513KB
Sample: 230323-p1r1cahf2z
MD5: d5e9854750735f368a80beb0b6dd97c4
SHA1: d53b59f041d432a251053eff27055c9eee91bbe2
SHA256: d4d4f37aa785f75cb096d0a6b275b0c9f8744e7cd0ea8c84f639c89258f4d992
SHA512: 6222a9bf5036610a113671282f8c0fd3fdf3464770e0865543cfc42fd5df248445aa1f418ea5735b62c245fff4a59e0196685ea1e2d7e7965b149939a92ebd36
SSDEEP: 12288:TxR4g66m9h3lMb67WDfJbLEBJmD7wgdeh/RwJ6DM:cgf4MbYEfJbeYD7vqRJDM
Static task: static1
Behavioral task: behavioral1
Sample: Odeme3222023.scr
Resource: win7-20230220-en
Malware Config

Extracted: asyncrat
Version: 0.5.7B
Botnet: Mnock
C2: mooroopecamroy.sytes.net:1452
C2: mooroopecamroy.sytes.net:1432
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: crssi.exe
install_folder: %AppData%
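The extracted configuration is enough to hunt for this sample on endpoints. The following is an added example, not part of the report or of the sandbox tooling: a small Python IOC matcher that takes the hashes, C2 hostname and ports, mutex and install path from the report and runs them over constructed telemetry lines. The pipe-separated key=value event format and the host names WS-17 and WS-22 are assumptions for illustration, not a real EDR export. Because sytes.net is a No-IP dynamic DNS zone, the resolved address is not a stable indicator; the matcher therefore treats the hostname as the IOC and learns the current IP from DNS events before it trusts a port match.

```python
"""Hunt the IOCs from this report (sample 230323-p1r1cahf2z) in endpoint telemetry."""
from dataclasses import dataclass
from ntpath import basename, dirname  # Windows path handling regardless of host OS

# IOCs taken from the report above.
IOC_SHA256 = {
    "d4d4f37aa785f75cb096d0a6b275b0c9f8744e7cd0ea8c84f639c89258f4d992": "Odeme3222023.gz.zip",
    "7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69": "Odeme3222023.scr",
}
C2_HOST = "mooroopecamroy.sytes.net"   # sytes.net is No-IP dynamic DNS: the IP is not a stable IOC
C2_PORTS = {1452, 1432}
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FILE = "crssi.exe"
INSTALL_DIR_SUFFIX = "\\appdata\\roaming"  # where %AppData% points on a default profile (assumption)

# Constructed telemetry, not from the report. Format (an assumption, not a real EDR export):
# timestamp|event_type|key=value|key=value...
SAMPLE_TELEMETRY = r"""
2023-03-23T10:01:02Z|dns|host=WS-17|query=mooroopecamroy.sytes.net|answer=203.0.113.45
2023-03-23T10:01:03Z|netconn|host=WS-17|dst=203.0.113.45|dport=1452
2023-03-23T10:01:05Z|file|host=WS-17|path=C:\Users\alice\AppData\Roaming\crssi.exe|sha256=7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
2023-03-23T10:01:06Z|mutex|host=WS-17|name=AsyncMutex_6SI8OkPnk
2023-03-23T10:05:00Z|dns|host=WS-22|query=update.example.org|answer=198.51.100.7
2023-03-23T10:05:01Z|netconn|host=WS-22|dst=198.51.100.7|dport=1452
2023-03-23T10:06:00Z|file|host=WS-22|path=C:\Users\bob\AppData\Roaming\crssi.exe|sha256=0000000000000000000000000000000000000000000000000000000000000000
""".strip().splitlines()


@dataclass
class Match:
    host: str
    confidence: str   # "high" (hash, mutex), "medium" (C2 traffic), "low" (install path only)
    reason: str


def parse_event(line: str) -> dict:
    """Split 'ts|type|k=v|k=v' into a dict; keys are kept as they appear in the line."""
    ts, kind, *fields = line.strip().split("|")
    event = {"ts": ts, "type": kind}
    for kv in fields:
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def scan(lines) -> list:
    """Return one Match per telemetry line that hits a report IOC, in input order."""
    matches = []
    resolved_c2 = set()   # IPs the C2 hostname resolved to, learned from DNS events
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        host, kind = ev.get("host", "?"), ev["type"]
        if kind == "dns":
            if ev.get("query", "").lower().rstrip(".") == C2_HOST:
                resolved_c2.add(ev.get("answer", ""))
                matches.append(Match(host, "medium", f"DNS query for C2 host {C2_HOST}"))
        elif kind == "netconn":
            # Port alone is too noisy; require a destination the C2 name actually resolved to.
            if ev.get("dst") in resolved_c2 and int(ev.get("dport", "0")) in C2_PORTS:
                matches.append(Match(host, "medium", f"connection to resolved C2 {ev['dst']}:{ev['dport']}"))
        elif kind == "file":
            sha = ev.get("sha256", "").lower()
            path = ev.get("path", "")
            if sha in IOC_SHA256:
                matches.append(Match(host, "high", f"known sample hash ({IOC_SHA256[sha]}) written to {path}"))
            elif basename(path).lower() == INSTALL_FILE and dirname(path).lower().endswith(INSTALL_DIR_SUFFIX):
                matches.append(Match(host, "low", f"AsyncRAT install path {path}, hash not in report (possible new build)"))
        elif kind == "mutex" and ev.get("name") == MUTEX:
            matches.append(Match(host, "high", f"AsyncRAT mutex {MUTEX} created"))
    return matches


if __name__ == "__main__":
    for m in scan(SAMPLE_TELEMETRY):
        print(f"{m.host}\t{m.confidence}\t{m.reason}")
```

Run it directly to print one line per hit; on real data, replace SAMPLE_TELEMETRY with the exported events. The connection rule deliberately ignores traffic on 1452/1432 to addresses the C2 name never resolved to, which is why the WS-22 connection on port 1452 is not reported, while the crssi.exe write on WS-22 surfaces as a low-confidence hit because the hash differs from the analysed build.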
Targets

Target: Odeme3222023.scr
Size: 635KB
MD5: 02e24e9cfe0669ac85121b1b35f7a942
SHA1: 0acb91424c9e6329b0966177cc5541f0bb2c4908
SHA256: 7158cb26fb5a843496b92e30c4366fdfa2b49cd8c59f280ee71e853a68ef0a69
SHA512: cc697818469e535cdb3d9470bb25d38f8d845d668d50e72b61911bd561d94ffff5e04448fda4537bba28fb5666345b1fc748b1f80443c54bac6ca191df4de013
SSDEEP: 12288:NcrNS33L10QdrXjCDn1R6WlM96zWDfJbZEvJmD7ugVkh/fwJ6DD:wNA3R5drX2D1RTM9aEfJbUYD79ofJDD
Signatures

Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext (an API commonly used to redirect a suspended thread's entry point, as in process hollowing)