General
- Target: ExLoader_Installer.exe
- Size: 23.3MB
- Sample: 230325-pcd4ksce99
- MD5: d87a43f5c2744f5014401405aad5aa27
- SHA1: e13b43d6eb814c7f0ac606754a9eaebe6bd26c43
- SHA256: 07cf0a5861804708fe24a76681e4e1945379ed8e3f71678c9545490b7e78e4ee
- SHA512: be65334aa0f057a469d3f76377b54743e19e63c5df71381b63742cc6f0b075133f1a0e612906386dc6c4fbcc1fce90c84a029a41bb4b30c6b2fe98fcbcec5456
- SSDEEP: 393216:LmZ9vsN9Vz7SJ5E5clszZw4+f0OuQ+cXXFLRCFM9QT4WR/jADCLWY:iZ9qVz7u5sXAf/F+cXLyM9QHxjADCLr

Static task
- static1

Malware Config
Extracted
- https://pastebin.com/raw/vNcCt60A

Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- Mutex:
- delay: 1
- install: false
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/3Z9zi18j

Targets
- Target: ExLoader_Installer.exe
- Size: 23.3MB
- MD5: d87a43f5c2744f5014401405aad5aa27
- SHA1: e13b43d6eb814c7f0ac606754a9eaebe6bd26c43
- SHA256: 07cf0a5861804708fe24a76681e4e1945379ed8e3f71678c9545490b7e78e4ee
- SHA512: be65334aa0f057a469d3f76377b54743e19e63c5df71381b63742cc6f0b075133f1a0e612906386dc6c4fbcc1fce90c84a029a41bb4b30c6b2fe98fcbcec5456
- SSDEEP: 393216:LmZ9vsN9Vz7SJ5E5clszZw4+f0OuQ+cXXFLRCFM9QT4WR/jADCLWY:iZ9qVz7u5sXAf/F+cXLyM9QHxjADCLr

- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2