General

Target: 1wwyaeeCYc.gz.zip
Size: 44KB
Sample: 230601-mpymmsdg87
MD5: bc6149d6d86b23d6a275f8fd3a448b82
SHA1: cc47e398e2effce6bb6beb4329ce5d372f22cc40
SHA256: f5d3df7ed5a6a84b14c3200752e6a43b3d8f23ab08fb0c1f7f7e192bb48cb206
SHA512: 4d47965063df8d05c31474c2045a2088eb7a0101427c0bc17bb4e914d75bc892fd65eb552284ac5b04283eaea6c488ca900fd986d19f3c732b29f542255a0b4d
SSDEEP: 768:jKg+RI+KBAWz/PzGjez250gYjimQozkMUx9l3rE7ck7/OLG8IDp9L7QMN:jF+foj3zYvqYYPk9iwzG8IDv7
Tasks

Static task: static1
Behavioral task: behavioral1 (sample 1wwyaeeCYc.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 1wwyaeeCYc.exe, resource win10v2004-20230220-en)
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 192.3.101.190:2015
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: 1wwyaeeCYc.exe
Size: 96KB
MD5: 749fdef07e576ac40e42568780bd26bd
SHA1: 93d0094038126ec31a5f0a9251318cdfb163cade
SHA256: a58ee92cdb05c92453c009c0792676ce815af1298cbbe9f36407d4933b8b942e
SHA512: d7e97331ce90dffa4d3da967e35c5b03b8454e220d2104f54c0f476ae73d5de78917e8cb0fcdd2df1b251e584cab38fa5a339195e8dfc845201f8d19e5a2ffe2
SSDEEP: 1536:H0l3SSJshJixmFLZbIUfyVAEfUtweBXDMKrxWGHXKBJNfGtLF9pZO:9dhJVZbIUqVAbFDM0c7JNfAJ9pZO
Score: 10/10

Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application. Note that the extracted config has install set to false, so this persistence is not the AsyncRAT install routine writing to install_folder; taken together with the dropped EXE being executed, it more likely belongs to a loader stage in front of the RAT.
- Suspicious use of SetThreadContext: typically seen when code is written into a suspended process and its thread context is redirected to it (process hollowing / injection).
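The indicators above turned into an offline checker, as an added example that is not part of this report or of the sandbox's own tooling. The file hashes and the C2 endpoint are copied from the report; the Sysmon-style event records and their field names, the Run-key path pattern, and the verdict thresholds are constructed assumptions for illustration. It covers three of the listed behaviours (dropped EXE executed, Run key added, contact with the configured C2) plus hash matching against the archive and the executable:

```python
"""Offline checks built from the indicators in this Triage report (added
example: not the report's or the sandbox's code). The hashes and the C2
endpoint are copied from the report; the Sysmon-style events, their field
names, the Run-key pattern and the verdict thresholds are assumptions."""
import hashlib
import os
import re

ALGOS = ("md5", "sha1", "sha256")

# Hashes of the archive and of the executable, as listed in the report.
REPORT_HASHES = {
    "1wwyaeeCYc.gz.zip": {
        "md5": "bc6149d6d86b23d6a275f8fd3a448b82",
        "sha1": "cc47e398e2effce6bb6beb4329ce5d372f22cc40",
        "sha256": "f5d3df7ed5a6a84b14c3200752e6a43b3d8f23ab08fb0c1f7f7e192bb48cb206"},
    "1wwyaeeCYc.exe": {
        "md5": "749fdef07e576ac40e42568780bd26bd",
        "sha1": "93d0094038126ec31a5f0a9251318cdfb163cade",
        "sha256": "a58ee92cdb05c92453c009c0792676ce815af1298cbbe9f36407d4933b8b942e"},
}
C2_HOST, C2_PORT = "192.3.101.190", 2015  # from the extracted AsyncRAT config

# Tail of the registry path a Run-key autostart lands in (assumed pattern,
# matched on the tail so HKCU, HKU\<SID> and HKLM roots all hit).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def hash_bytes(data):
    """Digest an in-memory blob with every algorithm in ALGOS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path, chunk=1 << 20):
    """Digest a file in chunks so large samples are not read into memory."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(digests, iocs=REPORT_HASHES):
    """Return (ioc_name, algorithm) pairs whose digest equals a known value."""
    return [(name, algo) for name, known in iocs.items()
            for algo, value in known.items()
            if digests.get(algo, "").lower() == value.lower()]


def scan_directory(root, iocs=REPORT_HASHES):
    """Hash every file under root; map the paths that match to their hits."""
    found = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                hits = match_hashes(hash_file(path), iocs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if hits:
                found[path] = hits
    return found


def correlate(events):
    """Replay Sysmon-style events in order and collect the report behaviours:
    EventID 11 (file create) then EventID 1 (process create) of that same path
    is "Executes dropped EXE"; EventID 13 (registry value set) under a Run key
    is "Adds Run key"; EventID 3 (network connect) to the C2 is the beacon."""
    dropped, seen = set(), set()
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == 1 and ev.get("Image", "").lower() in dropped:
            seen.add("executes_dropped_exe")
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            seen.add("run_key_persistence")
        elif (eid == 3 and ev.get("DestinationIp") == C2_HOST
              and int(ev.get("DestinationPort", 0)) == C2_PORT):
            seen.add("asyncrat_c2")
    return seen


def verdict(behaviours):
    """Assumed scoring: the known C2 alone is decisive; otherwise two or more
    of the listed behaviours together are suspicious."""
    if "asyncrat_c2" in behaviours:
        return "malicious"
    return "suspicious" if len(behaviours) >= 2 else "clean"


# Constructed event stream (not from the report) mirroring its signatures.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\1wwyaeeCYc.exe"},
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\1wwyaeeCYc.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001"
     r"\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"EventID": 3, "DestinationIp": "192.3.101.190", "DestinationPort": 2015},
]

if __name__ == "__main__":
    found = correlate(SAMPLE_EVENTS)
    print(sorted(found), "->", verdict(found))
```

Run it directly to see the constructed event stream classified; point scan_directory at a quarantine folder to sweep for the two files by hash. The correlation deliberately keys "Executes dropped EXE" on a file-create event preceding the process-create for the same path, so an executable that was merely present on disk before the sample ran is not counted as dropped.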