General
- Target: 40007c48c4a68c28353bc2263e46a8aa.bin
- Size: 916KB
- Sample: 230506-b8z42afe32
- MD5: 65ce69498979de18d1be4bce9d07dcfd
- SHA1: 675352d11288363611fb046381533fb11f0e9605
- SHA256: b88c8d5ab92cb9feec842a48b18f3ec0331a8b10f1829e402ccd04d780dc120e
- SHA512: f44a4c27874e5df91c4d8d9d4b73746892cc962a8841f17b6169dd1f897eb52e97c088dba9d1a7341f77efda5b5062abaff83baf8f1d404a11d99398455839f9
- SSDEEP: 24576:MEBQID/D2gfWhvsOL5UyYDCt4iRksg+lPmu4XDspVo53vYH4L:vzKZTuywy7gkPB4wp4vlL

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
  - Resource: win7-20230220-en
- Behavioral task: behavioral2
  - Sample: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
  - Resource: win10v2004-20230220-en

Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: 37.120.210.219:48408
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%

Targets
- Target: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11.exe
- Size: 1.0MB
- MD5: 40007c48c4a68c28353bc2263e46a8aa
- SHA1: edc72a9967bda687d56ddfe0fddbca15d0c40035
- SHA256: 33650cc18d2e03d1cdf58b578a3383ed130b31ed641047d3a84ac4da124bea11
- SHA512: 2c6b5b33cf6338f8db9d81e51cdcd7782753dc25e26806a5ba8fa6c8982abc3c898c28751060f5c697a511c59ab6a4b9e24a234fa1f000ae14086815152fef77
- SSDEEP: 24576:NTbBv5rUanOuF+8bQybXmmNxrndGryTBZPa:HBjbs8bQSXVdGoBZy
- Score: 10/10

Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext