General
Target: 1wwyaeeCYc.exe
Size: 96KB
Sample: 230601-g1g65sdd7t
MD5: 749fdef07e576ac40e42568780bd26bd
SHA1: 93d0094038126ec31a5f0a9251318cdfb163cade
SHA256: a58ee92cdb05c92453c009c0792676ce815af1298cbbe9f36407d4933b8b942e
SHA512: d7e97331ce90dffa4d3da967e35c5b03b8454e220d2104f54c0f476ae73d5de78917e8cb0fcdd2df1b251e584cab38fa5a339195e8dfc845201f8d19e5a2ffe2
SSDEEP: 1536:H0l3SSJshJixmFLZbIUfyVAEfUtweBXDMKrxWGHXKBJNfGtLF9pZO:9dhJVZbIUqVAbFDM0c7JNfAJ9pZO
Static task: static1
Behavioral task: behavioral1
Sample: 1wwyaeeCYc.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1wwyaeeCYc.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
192.3.101.190:2015
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target
1wwyaeeCYc.exe
Score: 10/10
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext