General
Target: svchost.exe
Size: 4.9MB
Sample: 230520-sx2l6adb27
MD5: 6a6d722b4d27203afa3c468ddc6b96b0
SHA1: de9c73b7f98ed83dd17903ef41021481e30ef369
SHA256: ddd4f8f5f13ada5e5b4bc3d0b0d1a49572b68f600ef3bda720566171f229c5c6
SHA512: 2418cdd6cf0b8e561847094a82235c83e0a146a2cbe53160f659e4a06192b51a6b7b90bf853a7901e879fc6e833928c4d061bf660e684c73d8ed8465ea1e16ab
SSDEEP: 49152:jc+tbK8sTWJ708s2iwe0bjIZaxzrzrx8l0n3JjpmdPvoM/ICr5TVD:Y+1KbTWJY8saPbjICzPrGYFpmdPg8V
Static task: static1
Behavioral task: behavioral1
Sample: svchost.exe
Resource: win7-20230220-en
Malware Config
Extracted configuration
Family: asyncrat
Version: 0.5.7B
Botnet: Microsoft
C2: megaplaneta01.ddns.net:4782, localhost:4782
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: false
- install_folder: %AppData%
Targets
Target: svchost.exe (4.9MB; same file and hashes as listed under General above)
Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext