General
Target: service.exe
Size: 284KB
Sample: 230403-q99r7afb58
MD5: e6b48ad5c49a697bfb3c84575357d01b
SHA1: 7e5895a67df33cc67bb6fb75724e2093bea9a242
SHA256: 1ed516d9917b709dd5dbdb6ca991e37cff7241b6f66af51ae98bd1cce3c6cb38
SHA512: 0c863593c355c2d5775daf1d4c34b6f35537c82d48abd912e65ee423e073d543d6aeac11186e7857b74b6c98eed7fb060829946d2bdca195dee27aea4cb4e9ec
SSDEEP: 6144:7gZiAEAO0sByNsAal3gVAWgS7/OhwjKfqMe:7gZXEAO/BUdG3gVdt7KnfqMe

Static task: static1

Malware Config
Extracted: https://pastebin.com/raw/TsGkGCyE

Extracted:
asyncrat
1.0.7
Default
Mutex:
delay: 1
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/eSp7rncc
Targets
Target: service.exe
Size: 284KB
MD5: e6b48ad5c49a697bfb3c84575357d01b
SHA1: 7e5895a67df33cc67bb6fb75724e2093bea9a242
SHA256: 1ed516d9917b709dd5dbdb6ca991e37cff7241b6f66af51ae98bd1cce3c6cb38
SHA512: 0c863593c355c2d5775daf1d4c34b6f35537c82d48abd912e65ee423e073d543d6aeac11186e7857b74b6c98eed7fb060829946d2bdca195dee27aea4cb4e9ec
SSDEEP: 6144:7gZiAEAO0sByNsAal3gVAWgS7/OhwjKfqMe:7gZXEAO/BUdG3gVdt7KnfqMe

Signatures
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2