General
Target: 532460789536784236784367345678543678.exe
Size: 48KB
Sample: 230329-xr3dqahe79
MD5: 8db2a00346e1f71bbef2ee20782bbd06
SHA1: d4268a671b6799d9788915ce18ef3374da3ed0bd
SHA256: d0279ffc1699fc3ea4bf32245326f6eb7dbc78aa14e221e7369c7131b057c4ff
SHA512: d5720550ce290051eab4554a614e230e1a78084526ce45c1e70545d164ce3211a6932846d5dca89471bffd06a4fbd719aa9b853d14c32787abe90bcad301a528
SSDEEP: 768:Z9umxLiIL1CaS+Dimhs1+Ei7dYbIgeGTTQhvEgK/JzZVc6KN:Z9uAPWm++rmbf5TGnkJzZVclN
Behavioral task: behavioral1
Sample: 532460789536784236784367345678543678.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: 127.0.0.1:8848
C2: 127.0.0.1:33901
C2: spring-consultation.at.ply.gg:8848
C2: spring-consultation.at.ply.gg:33901
Mutex: DcRatMutex_qwqdanchun
delay: 1
install: false
install_folder: %AppData%
Extracted
Path: \??\c:\users\admin\appdata\@please_read_me@.txt
Family: wannacry
Wallet: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target: 532460789536784236784367345678543678.exe
- Async RAT payload
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions