General

Target: Pago32220023.exe
Size: 636KB
Sample: 230330-kxqkwsbh25
MD5: 93de3df04100f402508d3c0c6cd6b0b0
SHA1: 66d8015b249459c284d812a67326a816c5b64fc8
SHA256: ef6a185793a6d6b430ef1a15e01550221919075c5693c80fcea76651e250a14f
SHA512: fa64021716871efce01fdf7eac2645e79745aa38d1b7772a3f082402599466537db523f31db1d6c1618939ba5114350b177a79bb2be0aac24049fccab8cd842e
SSDEEP: 12288:NcrNS33L10QdrXjCDnuLLcuva9O2VLFUBgYiAehcSPtVOHCCOZPtO3cw:wNA3R5drX2DuzERVvYidPVOoPtO3cw
Static task: static1

Behavioral task: behavioral1
Sample: Pago32220023.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Pago32220023.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: asyncrat
Version: 0.5.7B
Botnet: Mnock
C2: mooroopecamroy.sytes.net:1452
C2: mooroopecamroy.sytes.net:1432
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: crssi.exe
install_folder: %AppData%
Targets

Target: Pago32220023.exe
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext