General
Target: tmpuaup3ft4
Size: 546KB
Sample: 230330-kvjdssbg97
MD5: 6dcafb48fe7ce41935fe5f3553d6ffbc
SHA1: ecedff7a0bdcf290830712ca7599b3c92f4a8bbd
SHA256: b8f91cb2906c890e58423e51c9b5a63fe8948668d7a09e8920aec5ef62834ba0
SHA512: 2855e78785cdba35959ae253f9de6cb2f7783c6db8af46caf91e68d985831dd72f06c6b424599c637a3e6925ea834559d769e7d6f20a549a54ca0cb6e7417c0f
SSDEEP: 12288:NcrNS33L10QdrXjzDnwvSljOWqRlPPZxOgo3uesCQ+Q:wNA3R5drX3Dwv+avRlTOUesCK
Static task: static1
Behavioral task: behavioral1
Sample: tmpuaup3ft4.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Mnock
C2: mooroopecamroy.sytes.net:1452
C2: mooroopecamroy.sytes.net:1432
Mutex: AsyncMutex_6SI8OkPnk
Attributes
delay: 3
install: true
install_file: crssi.exe
install_folder: %AppData%
Targets
Target: tmpuaup3ft4
Size: 546KB
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
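The extracted configuration and the behavioural signatures above translate directly into host and network indicators: the two C2 host:port pairs, the mutex, and the drop location %AppData%\crssi.exe (which is what the "Executes dropped EXE" signature observes). The following Python script is an added example, not part of the sandbox report or of any tool the report comes from. It builds indicators from the config values shown on this page and runs them over constructed, Sysmon-style telemetry records made up for the example; the expansion of %AppData% to C:\Users\victim\AppData\Roaming is an assumed path. It deliberately reports a bare port or a bare file name as a weak match, because 1452/1432 and crssi.exe are not specific enough on their own.

```python
import os
import re

# Values copied from the extracted AsyncRAT config shown in this report.
ASYNCRAT_CONFIG = {
    "c2": ["mooroopecamroy.sytes.net:1452", "mooroopecamroy.sytes.net:1432"],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "install_file": "crssi.exe",
    "install_folder": "%AppData%",
}

# Assumed victim profile path for the example; on a real host the install
# folder is per-user, so read it from the endpoint or match with a user wildcard.
ASSUMED_ENV = {"APPDATA": r"C:\Users\victim\AppData\Roaming"}


def expand_windows_env(path: str, env: dict = ASSUMED_ENV) -> str:
    """Expand %VAR% references the way the implant's install_folder is written."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def build_iocs(cfg: dict) -> dict:
    """Derive matchable indicators from the config: C2 hosts, ports, mutex, drop path."""
    hosts, ports = set(), set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        hosts.add(host.lower())
        ports.add(int(port))
    drop_path = expand_windows_env(cfg["install_folder"]) + "\\" + cfg["install_file"]
    return {
        "hosts": hosts,
        "ports": ports,
        "mutex": cfg["mutex"],
        "install_path": drop_path.lower(),
        "install_file": cfg["install_file"].lower(),
    }


# Constructed telemetry (not from the sandbox run): Sysmon-like records covering
# DNS, network, file-create, process-create and mutex events, plus two look-alikes.
EVENTS = [
    {"id": 1, "type": "dns_query", "query": "mooroopecamroy.sytes.net."},
    {"id": 2, "type": "network_connect", "dest_host": "MOOROOPECAMROY.SYTES.NET", "dest_port": 1452},
    {"id": 3, "type": "file_create", "path": r"C:\Users\victim\AppData\Roaming\crssi.exe"},
    {"id": 4, "type": "process_create", "image": r"C:\Users\victim\AppData\Roaming\crssi.exe"},
    {"id": 5, "type": "mutex_create", "name": r"\Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk"},
    {"id": 6, "type": "network_connect", "dest_host": "update.example.test", "dest_port": 1452},
    {"id": 7, "type": "file_create", "path": r"C:\Program Files\Vendor\crssi.exe"},
]


def match_event(ev: dict, iocs: dict):
    """Return the indicator an event hits, a 'weak:' reason, or None."""
    kind = ev["type"]
    if kind == "dns_query":
        if ev["query"].lower().rstrip(".") in iocs["hosts"]:
            return "c2_domain"
    elif kind == "network_connect":
        host_hit = ev.get("dest_host", "").lower() in iocs["hosts"]
        port_hit = ev.get("dest_port") in iocs["ports"]
        if host_hit:
            return "c2_host+port" if port_hit else "c2_host"
        if port_hit:
            return "weak:c2_port_only"  # 1452/1432 alone is not specific enough
    elif kind in ("file_create", "process_create"):
        path = (ev.get("path") or ev.get("image") or "").lower()
        if path == iocs["install_path"]:
            return "install_path"
        if os.path.basename(path.replace("\\", "/")) == iocs["install_file"]:
            return "weak:install_file_name_only"  # same name outside %AppData%
    elif kind == "mutex_create":
        if ev["name"].rsplit("\\", 1)[-1] == iocs["mutex"]:
            return "mutex"
    return None


def scan(events: list, iocs: dict) -> list:
    """Return (event id, reason) for every event that matches an indicator."""
    hits = []
    for ev in events:
        reason = match_event(ev, iocs)
        if reason:
            hits.append((ev["id"], reason))
    return hits


if __name__ == "__main__":
    for event_id, reason in scan(EVENTS, build_iocs(ASYNCRAT_CONFIG)):
        print(f"event {event_id}: {reason}")
```

Events 1 to 5 reproduce the chain the sandbox observed (resolve and connect to the C2, drop and run crssi.exe from %AppData%, create the AsyncRAT mutex); events 6 and 7 show why port-only and file-name-only hits are downgraded rather than dropped or treated as confirmed.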