General
-
Target
Pago2132023.scr.exe
-
Size
637KB
-
Sample
230330-k8fvtsdd6x
-
MD5
88ad59b38bec8f8a831f2daf2b2626f6
-
SHA1
f78a88a726f00fa1f58de07148eacc45994e6d95
-
SHA256
94530ce58a289fbba223ab50512183f2dc1003ab227b144d6ec21c15cc427cce
-
SHA512
47a00bf2f1294240aae6e548118003a3572f4b745fc8531c6c1610de6a88fee9f55e4f987dde15c114dbdebb00fb902855d72f2369b62f0351a1de6be884ad43
-
SSDEEP
12288:NcrNS33L10QdrXjCDn2YeNoDue/WXvGiGpjOfGT95V11Z4nZuNL2Qm3F9U6:wNA3R5drX2D2Ybue//Ii9N34nsh2QKQ6
Static task
static1
Behavioral task
behavioral1
Sample
Pago2132023.scr.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Mnock
mooroopecamroy.sytes.net:1452
mooroopecamroy.sytes.net:1432
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
crssi.exe
-
install_folder
%AppData%
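The extracted configuration above already yields host-side and network-side indicators: the dynamic-DNS C2 name with its two ports, the mutex the client creates, and the persistence copy written to %AppData%\crssi.exe. The following Python is an added example, not part of the Triage report or of the sample itself: it loads those values, expands the install path (the AppData directory is an assumed value), and flags constructed Sysmon-style telemetry lines that touch any of the indicators. The telemetry lines and the resolved IP addresses in them are made up for the example.

```python
import re
from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
ASYNCRAT_CONFIG = {
    "version": "0.5.7B",
    "hosts": ["mooroopecamroy.sytes.net"],
    "ports": [1452, 1432],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": True,
    "install_file": "crssi.exe",
    "install_folder": "%AppData%",
}


def expected_install_path(cfg, appdata=r"C:\Users\victim\AppData\Roaming"):
    """Expand %AppData% the way the client would on the victim host.

    `appdata` is an assumed example value; on a real host read it from the
    user's environment. Returns the full path of the persistence copy.
    """
    folder = cfg["install_folder"].replace("%AppData%", appdata)
    return folder + "\\" + cfg["install_file"]


@dataclass
class Hit:
    line_no: int
    indicator: str
    value: str


def scan_telemetry(lines, cfg):
    """Match telemetry lines against IOCs derived from the config.

    One line can produce several hits (for example a network connection
    from the dropped executable to a C2 port).
    """
    hits = []
    c2_re = re.compile(r"(?i)\b(" + "|".join(map(re.escape, cfg["hosts"])) + r")\b")
    port_re = re.compile(r"DestinationPort:\s*(\d+)")
    mutex_re = re.compile(r"\\BaseNamedObjects\\(\S+)")
    # %AppData% normally resolves under ...\AppData\Roaming, so match on that tail.
    file_re = re.compile(r"(?i)\\AppData\\Roaming\\" + re.escape(cfg["install_file"]))
    for i, line in enumerate(lines, 1):
        m = c2_re.search(line)
        if m:
            hits.append(Hit(i, "c2_host", m.group(1)))
        m = port_re.search(line)
        if m and int(m.group(1)) in cfg["ports"]:
            hits.append(Hit(i, "c2_port", m.group(1)))
        m = mutex_re.search(line)
        if m and m.group(1) == cfg["mutex"]:
            hits.append(Hit(i, "mutex", m.group(1)))
        if file_re.search(line):
            hits.append(Hit(i, "install_path", cfg["install_file"]))
    return hits


def summarize(hits):
    """Count hits per indicator type."""
    counts = {}
    for h in hits:
        counts[h.indicator] = counts.get(h.indicator, 0) + 1
    return counts


# Constructed Sysmon-style lines (Event 1 process create, 11 file create,
# 22 DNS query, 3 network connect, plus a handle listing). Not real logs.
SAMPLE_TELEMETRY = [
    "EventID:1 Image:C:\\Users\\victim\\Downloads\\Pago2132023.scr.exe ParentImage:C:\\Windows\\explorer.exe",
    "EventID:11 TargetFilename:C:\\Users\\victim\\AppData\\Roaming\\crssi.exe Image:C:\\Users\\victim\\Downloads\\Pago2132023.scr.exe",
    "EventID:22 QueryName:mooroopecamroy.sytes.net QueryResults:198.51.100.23",
    "EventID:3 DestinationIp:198.51.100.23 DestinationPort:1452 Image:C:\\Users\\victim\\AppData\\Roaming\\crssi.exe",
    "EventID:3 DestinationIp:203.0.113.9 DestinationPort:443 Image:C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    "Handle:Mutant Name:\\BaseNamedObjects\\AsyncMutex_6SI8OkPnk Process:crssi.exe",
]

if __name__ == "__main__":
    print("install path:", expected_install_path(ASYNCRAT_CONFIG))
    for h in scan_telemetry(SAMPLE_TELEMETRY, ASYNCRAT_CONFIG):
        print(f"line {h.line_no}: {h.indicator} = {h.value}")
    print(summarize(scan_telemetry(SAMPLE_TELEMETRY, ASYNCRAT_CONFIG)))
```

The port match on its own is the weakest of the four indicators, since 1452 and 1432 are not reserved for anything; in practice pair it with the destination host, the resolved address from the DNS event, or the image path of the dropped file before raising an alert. The mutex name and the %AppData%\crssi.exe path are the most specific to this build.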
Targets
-
Target
Pago2132023.scr.exe
-
Size
637KB
-
MD5
88ad59b38bec8f8a831f2daf2b2626f6
-
SHA1
f78a88a726f00fa1f58de07148eacc45994e6d95
-
SHA256
94530ce58a289fbba223ab50512183f2dc1003ab227b144d6ec21c15cc427cce
-
SHA512
47a00bf2f1294240aae6e548118003a3572f4b745fc8531c6c1610de6a88fee9f55e4f987dde15c114dbdebb00fb902855d72f2369b62f0351a1de6be884ad43
-
SSDEEP
12288:NcrNS33L10QdrXjCDn2YeNoDue/WXvGiGpjOfGT95V11Z4nZuNL2Qm3F9U6:wNA3R5drX2D2Ybue//Ii9N34nsh2QKQ6
-
Async RAT payload
-
Checks computer location settings
Reads the country code configured in the registry, likely a geofence check to avoid running in certain regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
Rewriting another thread's context is a common step in process hollowing and similar injection, consistent with the dropped payload being executed under a different process.