General
Target: async_modified_0.zip
Size: 32.2MB
Sample: 230602-pg6pdsbc56
MD5: 489518b14412de03373efb0f6748c10d
SHA1: 79407cb3ef838c74fed7af8ae2a15343a8061170
SHA256: e00de00f1dd4187b6bd9e863ffcc29ca4101feb0ef1906e0f01864533244e3de
SHA512: 2e70cac4acba1f1ac20906463b82956ccf6c8ed6af59abd94251f697ae5decd0ffbe6d116b8ebb02d26388dfefdcec967fa3988be75fd9fc78a45f93c049b8be
SSDEEP: 786432:G3B7Da83uoAOcbRRnMNHXUGrbFiuRrjqJgzS5VamIwsdzl09u/MWUApGa:GR7DaOuoLORRMdXUGrbssGJQUIwsF/9B
Behavioral tasks
behavioral1: async_modified_0.zip on win10-20230220-en
behavioral2: async_modified_0.zip on win7-20230220-en
behavioral3: async_modified_0.zip on win10v2004-20230220-en
Malware Config
Extracted: asyncrat
| CRACKED BY https://t.me/xworm_v2
Default
C2: 127.0.0.1:6606
C2: 127.0.0.1:7707
C2: 127.0.0.1:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
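Before pivoting on this config, note what it does and does not give you: every C2 entry points at loopback, and the ports, mutex, delay, install flag and install folder all match the stock values shipped in the public AsyncRAT-C# builder (the DEFAULTS table below is my recollection of that source's Settings.cs and should be checked against the repository). A build like this yields no operator infrastructure, and the mutex is shared by every unconfigured AsyncRAT build, so it is a family indicator rather than a campaign indicator. The following Python is an added example, not part of the sandbox output: it parses the extracted fields, separates routable C2 endpoints from loopback/private ones, reports which fields are still at builder defaults, and verifies a retrieved file against the hashes listed in this report. The EXTRACTED and REPORT_HASHES values are copied from the page; the file path and test strings are constructed.

```python
"""Triage helpers for the AsyncRAT config and hashes in this report.

Added example, not part of the sandbox output. DEFAULTS is an assumption:
it is my recollection of Settings.cs in the public AsyncRAT-C# source and
should be verified against the repository before use in a detection.
"""
import hashlib
import ipaddress
import sys

# Fields as extracted from the sample (copied from the report above), in the
# comma-separated string form the builder stores them in.
EXTRACTED = {
    "hosts": "127.0.0.1",
    "ports": "6606,7707,8808",
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": "3",
    "install": "false",
    "install_folder": "%AppData%",
}

# Assumed builder defaults (see module docstring).
DEFAULTS = {
    "hosts": "127.0.0.1",
    "ports": "6606,7707,8808",
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": "3",
    "install": "false",
    "install_folder": "%AppData%",
}

# Hashes of async_modified_0.zip as listed in the report.
REPORT_HASHES = {
    "md5": "489518b14412de03373efb0f6748c10d",
    "sha1": "79407cb3ef838c74fed7af8ae2a15343a8061170",
    "sha256": "e00de00f1dd4187b6bd9e863ffcc29ca4101feb0ef1906e0f01864533244e3de",
    "sha512": "2e70cac4acba1f1ac20906463b82956ccf6c8ed6af59abd94251f697ae5decd0"
              "ffbe6d116b8ebb02d26388dfefdcec967fa3988be75fd9fc78a45f93c049b8be",
}


def c2_endpoints(cfg):
    """Expand the hosts x ports lists into (host, port) pairs, as the client does."""
    hosts = [h.strip() for h in cfg["hosts"].split(",") if h.strip()]
    ports = [int(p) for p in cfg["ports"].split(",") if p.strip()]
    return [(h, p) for h in hosts for p in ports]


def is_routable(host):
    """True if the host could reach an operator: a DNS name, or a public IP.

    Loopback, unspecified and RFC1918/documentation ranges are treated as
    non-routable; a DNS name is treated as routable until resolved.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (ip.is_loopback or ip.is_unspecified or ip.is_private)


def assess_config(cfg, defaults=DEFAULTS):
    """Summarise what in the config is worth hunting on."""
    endpoints = c2_endpoints(cfg)
    network_iocs = [f"{h}:{p}" for h, p in endpoints if is_routable(h)]
    default_fields = sorted(k for k in defaults if cfg.get(k) == defaults[k])
    return {
        "endpoints": [f"{h}:{p}" for h, p in endpoints],
        "network_iocs": network_iocs,          # block/alert candidates
        "default_fields": default_fields,      # unchanged builder values
        # Anything operator-chosen: a reachable C2 or a non-default mutex.
        "operator_specific": bool(network_iocs) or cfg.get("mutex") != defaults["mutex"],
    }


ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """Compute the four digests the report lists for a byte string."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def verify_sample(data, expected):
    """Return the names of algorithms whose digest does not match `expected`."""
    got = digests(data)
    return sorted(a for a in expected if a in got and got[a] != expected[a].lower())


if __name__ == "__main__":
    # Usage: python triage.py [path-to-async_modified_0.zip]  (path is hypothetical)
    summary = assess_config(EXTRACTED)
    print("C2 endpoints:", summary["endpoints"])
    print("Routable C2 (network IOCs):", summary["network_iocs"] or "none")
    print("Fields still at builder defaults:", summary["default_fields"])
    print("Operator-specific content:", summary["operator_specific"])
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            bad = verify_sample(fh.read(), REPORT_HASHES)
        print("Hash check:", "matches report" if not bad else f"mismatch on {bad}")
```

Run against this report the summary shows three loopback endpoints, no network IOCs, all six fields at defaults and `operator_specific` False; the same assessment on a config with a real hostname in `hosts` would surface it as a block candidate. The hash check is there so that a copy of the sample pulled from another source is confirmed to be the same file before its behaviour is compared with the three task runs below.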
Targets
Target: async_modified_0.zip
Size: 32.2MB
MD5: 489518b14412de03373efb0f6748c10d
SHA1: 79407cb3ef838c74fed7af8ae2a15343a8061170
SHA256: e00de00f1dd4187b6bd9e863ffcc29ca4101feb0ef1906e0f01864533244e3de
SHA512: 2e70cac4acba1f1ac20906463b82956ccf6c8ed6af59abd94251f697ae5decd0ffbe6d116b8ebb02d26388dfefdcec967fa3988be75fd9fc78a45f93c049b8be
SSDEEP: 786432:G3B7Da83uoAOcbRRnMNHXUGrbFiuRrjqJgzS5VamIwsdzl09u/MWUApGa:GR7DaOuoLORRMdXUGrbssGJQUIwsF/9B
- Async RAT payload
- .NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory