General
Target: bb34cd21ee206d7806389f91f61db2e7.exe
Size: 62KB
Sample: 230329-r5ab7sgg42
MD5: bb34cd21ee206d7806389f91f61db2e7
SHA1: e841de62327b9471bd03e4b119a2bb74c9386eaa
SHA256: 8b4f1c71738de8922b87e5a9edc2c5268c4737db0843eac102d7d95b0058db6c
SHA512: ae0a359345c54489ac84f393186b48862d256c410e3dac89f1698c75c936109e00ff7d125cddd23f38a57378a48c5f14bef4fd2bc995edf4b04ffdddde88e5e9
SSDEEP: 1536:Xv3TgTyogc90aJb9eVor7VcUYZR4v7qf+:XfTgTyogcOaJb99CUcxm
Behavioral task: behavioral1
Sample: bb34cd21ee206d7806389f91f61db2e7.exe
Resource: win7-20230220-en
Malware Config
Extracted
asyncrat
true
YouTube C
RRAT_HSzLEG3X5
delay: 3
install: false
install_file: powershell Add-MpPreference -ExclusionPath C:\
install_folder: Explorer.exe
pastebin_config: http://pastebin.com/raw/KKpnJShN
Targets
Target: bb34cd21ee206d7806389f91f61db2e7.exe
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2