General
- Target: harddishspoof.rar
- Size: 1.3MB
- Sample: 230402-rttlpsgg42
- MD5: 3c1dc9dda8f8d88795936000f01b7dff
- SHA1: b67a8adfbb231064d4fd7947fe51033c02f4b71a
- SHA256: 0bbe96bf9edd88365697ad1b6ac2e7d6ec935e9db55010b5295e9214fa2b9270
- SHA512: 183c727d91a0100f756dbb4629c55414ec8d7f5ef55ac57ec20927f4a8766851f9366b1d718eb7b441d29e8a9b9a9f73b4a5e3a64cb7f6d2bd07a2d495e1d0eb
- SSDEEP: 24576:/MM+loqEdd3r5hidj52eoxClDlHgW2dkIGVw8H0VWVUEtb/KWCq2CkdmqcJUaF:QlANaqQvHgVGVwk0V4UsbMvdmqc/F
Static task: static1
Behavioral task: behavioral1
- Sample: serial.dll
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: aslavazgecme.duckdns.org:1000
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: svchost.exe
- install_folder: %AppData%
Targets
- Target: serial.dll
  - Size: 6.4MB
  - MD5: 022f385e55d9d3d42a33b4ca999bf22a
  - SHA1: 5d2f22d51d2e87ae8d1f2c1acd3f08f4fdddf107
  - SHA256: 3b0e1b3af6d2b8b3d02b6cd52849277c9c8066c2ae565e68253d4551c37492d3
  - SHA512: 7fd663b56a2894d1db2ee1032067091f72a4ac301ee8cd392030c6ab186e3bb960d8e35a8591204fc23e9b5a145a2a9ab0092b1c9e6ae5c9c2dc2adf907a891c
  - SSDEEP: 98304:iZavd9tWpmIgMlqVz+rQVe97lwu9cXvBxDh3DYnskFb06vSXvfnjMK3aYLB+8uNl:ivKv8XcXD4K
  - Score: 1/10
- Target: serialchanger.exe
  - Size: 84KB
  - MD5: 5b32c6f20548089017501a776c12f89a
  - SHA1: 80e01010aa6086ca1360b887712866bdece2f647
  - SHA256: 724b95160127a1fac9bea14139ad0c773a9fd7f4bf0811c950e9a56003e3a49b
  - SHA512: dbbafe54b326a1bb847ad4acd0145d1742e71cbac0057733cd3f79e82d6747f191d3916d2e02b3710e383b330f0036bf1ce65b5a62fd0dd7bc00dd570ca01aee
  - SSDEEP: 1536:LRLKj9CmSbxKCcS1+/7ryiw2RLku5QavfJKOKcl:L9KhcZccSyiw29waJK9Y
  - Signatures:
    - Async RAT payload
    - Downloads MZ/PE file
    - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    - Executes dropped EXE