General
- Target: ExLoader_Installer.exe
- Size: 23.3MB
- Sample: 230325-pplzyseg7y
- MD5: 951a41f877cd666aad445a28516aca9e
- SHA1: eac105dff6289c2a0355e7afa6229fe8dcd9f027
- SHA256: 7e0e284b6476f78bb222bd56dedf9a5a3e89ff36a356741ac5e0f9f3c99651db
- SHA512: 48e778af1f105ea0447cde0138a5ec8d8ec7bcf3c026cf3534308cd14af12e558a17360491179dab1f541be23efe026a2b9f573c4df60c0cdfe278f9bea74e7a
- SSDEEP: 393216:YlL91czZyTEHvRePi3ITxqn6sGyuB0u01kjV47GjwwYYxn:cszFgMxnumjsVqY0Y
Static task: static1
Malware Config
- Extracted: https://pastebin.com/raw/vNcCt60A
- Extracted: asyncrat 1.0.7 (Default)
  - Mutex:
  - delay: 1
  - install: false
  - install_folder: %AppData%
  - pastebin_config: https://pastebin.com/raw/3Z9zi18j
Targets
- Target: ExLoader_Installer.exe
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2