General
Target: 1af69713a366a92c3b264e3a0e1565ba.bin
Size: 2.0MB
Sample: 230327-bgwyascg71
MD5: 4ff0cf1f868ced6a63ecc3385787707b
SHA1: e465385d215b73b176f065d52626d5e39e975288
SHA256: 8aeff71545abbb926a51c95034de69548f939e5ad4bdd7f6356bc2731bab2135
SHA512: 29b3f5316fae6e1b36ab60c5802491ac2aa1df3d2723b7fd7a3de418656015d5194259acd8314c06593f43c8e2352be4f839088734d14b116dab62f9377f6070
SSDEEP: 49152:MP4D5qrD+ssbVQFxBvK0DQ9q4Lqbz8nfo9LD/PG:Ms5isGF3LDQ9qbz8AZD/PG
Static task: static1
Behavioral task: behavioral1
Sample: fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
BB
146.70.128.174:55178
1212
delay: 3
install: false
install_file: MicrosoftRuntime.exe
install_folder: %AppData%
Targets
Target: fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68.exe
Size: 3.5MB
MD5: 1af69713a366a92c3b264e3a0e1565ba
SHA1: 72c9ab603da34bfb19af604489089d9fe9ed8653
SHA256: fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68
SHA512: 991fbde8bc838e165e97a7a0d242253060f762e2f579b007a29ac816461cd0e51758e740f45ff31d618a8aed057f89f6240cea3a0a7d3f3bb51eb98d08e5c8b9
SSDEEP: 24576:gfRd0GtFA0vCpl0og+0q56UGEL5mSewB7CWq22d9nIcnHke6Q2lYeRVCFMjYg6Co:xB0diHNF3ynElzHcg6rv
Score: 10/10
Async RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2