General
-
Target
a92bef216bec5b6fcc6a958305f81391.exe
-
Size
127KB
-
Sample
230324-p3672sgd8w
-
MD5
a92bef216bec5b6fcc6a958305f81391
-
SHA1
196de00aba5b37c7d7d5b7da6b6eb302257a81a9
-
SHA256
7b9a9b11fc9794d4e31d647a3cab02fecdb048e81bc13d37d1c3533b8e96a8d3
-
SHA512
1ddd77de29270944f9c25769b1dd0d655abea9ea7619af560a9160ef6648a09c559348236c65919a3ec63ab5a1b97e51a20fd2fe05a716ca52de2cd510e9f3a6
-
SSDEEP
3072:lh0ZVtDuop7hxJB0S4rObd4r9MrUEkmnnnnnZ/iUvVfG:lh0HtDTpkrObaBM7nnnnngAO
Behavioral task
behavioral1
Sample
a92bef216bec5b6fcc6a958305f81391.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
AsyncMutex_7SI8OkPnk
-
delay
3
-
install
true
-
install_file
ContainerRuntime.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/YgX9vKea
Targets
-
-
Target
a92bef216bec5b6fcc6a958305f81391.exe
-
Size
127KB
-
MD5
a92bef216bec5b6fcc6a958305f81391
-
SHA1
196de00aba5b37c7d7d5b7da6b6eb302257a81a9
-
SHA256
7b9a9b11fc9794d4e31d647a3cab02fecdb048e81bc13d37d1c3533b8e96a8d3
-
SHA512
1ddd77de29270944f9c25769b1dd0d655abea9ea7619af560a9160ef6648a09c559348236c65919a3ec63ab5a1b97e51a20fd2fe05a716ca52de2cd510e9f3a6
-
SSDEEP
3072:lh0ZVtDuop7hxJB0S4rObd4r9MrUEkmnnnnnZ/iUvVfG:lh0HtDTpkrObaBM7nnnnngAO
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-