General

Target: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
Size: 1.0MB
Sample: 230504-rcnzwsch25
MD5: 40007c48c4a68c28353bc2263e46a8aa
SHA1: edc72a9967bda687d56ddfe0fddbca15d0c40035
SHA256: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11
SHA512: 2c6b5b33cf6338f8db9d81e51cdcd7782753dc25e26806a5ba8fa6c8982abc3c898c28751060f5c697a511c59ab6a4b9e24a234fa1f000ae14086815152fef77
SSDEEP: 24576:NTbBv5rUanOuF+8bQybXmmNxrndGryTBZPa:HBjbs8bQSXVdGoBZy

Static task: static1

Behavioral task: behavioral1
Sample: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 37.120.210.219:48408
Mutex: AsyncMutex_6SI8OkPnk
delay: 3 (startup delay before the client begins its C2 loop; the AsyncRAT client treats this as seconds)
install: false (the client's own install routine is disabled, so it will not copy itself to install_folder or register itself for startup)
install_folder: %AppData% (unused while install is false)

Note: because install is false, any persistence seen in the behavioral run is most likely set by the dropper stage around the RAT rather than by the AsyncRAT client itself; treat the Run key signature below with that in mind when writing detections.
Targets

Target: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
Size: 1.0MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General
Score: 10/10

Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext: typically the thread-context rewrite step of process hollowing or similar injection of the decrypted payload into a new process
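The extracted configuration and the behavioral signatures above give three concrete things to hunt for on endpoints: a connection to the C2 host:port, a Run key write (persistence), and a process whose SHA256 matches the sample. The following Python is an added example, not part of the sandbox report or any tool it references. It matches Sysmon-style events (Event ID 1 process create, 3 network connection, 13 registry value set) against the indicators on this page, and adds a live-host check for the AsyncRAT mutex that only does anything on Windows. The event dicts, the image paths such as `payload.exe`, and the SID are constructed for the demonstration.

```python
"""Hunt for the indicators from the report above in Sysmon-style events.

Added example; not the sandbox's code. Field names follow Sysmon's
(EventID, Image, Hashes, DestinationIp, DestinationPort, TargetObject).
"""
import ctypes
import sys
from typing import Dict, List, Optional

# Indicators copied from the report above.
C2_HOST = "37.120.210.219"
C2_PORT = 48408
MUTEX = "AsyncMutex_6SI8OkPnk"
SAMPLE_SHA256 = "33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11"
# Sysmon prefixes registry paths with the hive (HKLM\..., HKU\<SID>\...).
# Matching on this suffix covers both hives; the trailing backslash keeps
# RunOnce from matching.
RUN_KEY_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run\\"


def match_event(ev: Dict[str, object]) -> Optional[str]:
    """Return a finding string if the event touches one of the indicators, else None."""
    eid = ev.get("EventID")
    image = ev.get("Image", "?")
    if eid == 1:
        # Sysmon's Hashes field looks like "SHA1=...,MD5=...,SHA256=...,IMPHASH=..."
        hashes = str(ev.get("Hashes", "")).lower()
        if f"sha256={SAMPLE_SHA256}" in hashes:
            return f"process: {image} matches sample SHA256"
    elif eid == 3:
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            return f"network: {image} -> {C2_HOST}:{C2_PORT} (AsyncRAT C2)"
    elif eid == 13:
        target = str(ev.get("TargetObject", ""))
        if RUN_KEY_SUFFIX in target.lower():
            return f"persistence: {image} set Run value {target}"
    return None


def hunt(events: List[Dict[str, object]]) -> List[str]:
    """Run match_event over a batch of events and keep the hits, in input order."""
    return [m for m in (match_event(e) for e in events) if m]


def mutex_present(name: str = MUTEX) -> Optional[bool]:
    """Live-host check: is the AsyncRAT mutex currently held by some process?

    Returns None when not running on Windows. OpenMutexW hands back a handle
    when the mutex exists and we may open it; ERROR_ACCESS_DENIED (5) also
    means it exists but belongs to a process we cannot open; any other
    failure (normally ERROR_FILE_NOT_FOUND, 2) means it is absent.
    """
    if sys.platform != "win32":
        return None
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.OpenMutexW.restype = ctypes.c_void_p
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    SYNCHRONIZE = 0x00100000
    handle = kernel32.OpenMutexW(SYNCHRONIZE, False, name)
    if handle:
        kernel32.CloseHandle(handle)
        return True
    return ctypes.get_last_error() == 5


# Constructed sample events: three should hit, two should not.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 1,
     "Image": "C:\\Users\\user\\Desktop\\" + SAMPLE_SHA256 + ".exe",
     "Hashes": "MD5=40007C48C4A68C28353BC2263E46A8AA,SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe",
     "DestinationIp": "37.120.210.219", "DestinationPort": "48408"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\x"},
]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
    print("mutex present:", mutex_present())
```

The Run key match is deliberately broad (any value under Run, not just the sample's) because the config's install=false means the value name here comes from the dropper and is not known from the report; narrow it with the Image path once you know which stage writes it. The C2 match is the highest-confidence indicator but also the first thing an operator rotates, so pair it with the mutex check on hosts you can reach.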