General
- Target: SVD002837727.arj
- Size: 538KB
- Sample: 230607-mxs25ahf69
- MD5: f01a50aec86ae6ece648dede1f6dfe0b
- SHA1: cc81ef9d19b6ade789a42661b89b0ff835e15cfb
- SHA256: a1158bb27506c07d1c7b8967d5acb78bf4918f3df265a46a65dcaba4d4e78f6e
- SHA512: e2a5372f2e73f2c213d07953a4ffec21b4409461ef46f618ed010c1ff5c907e360ac7c9a8fb16dd5c5bec28ccfcc1c53eb8e8a6022649cf9666a6ec9c66295af
- SSDEEP: 12288:SHV+AAOdKgOGrECXaVL0fSspiqgZLSchlcwiupx8Sotj+yEGWsE3gE:8+AAyOGpq2hiqgF3h3iu/8SYKGWgE
Static task
- static1

Behavioral task
- behavioral1
- Sample: SVD002837727.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- asyncrat
- 0.5.7B
- Default
- reportss.duckdns.org:3110
- reportss.duckdns.org:4466
- reportss.duckdns.org:7755
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: SVD002837727.exe
- Size: 653KB
- MD5: 98606a9e2540ba34e1c98760900ac508
- SHA1: 9918ca6bf5c9b1ccc1206724514d56a41d7adeb1
- SHA256: 46bdfb06a8c272dff04b4eeebba3fffd7849193c8a0ce13c2dc7b3a16b26a1a9
- SHA512: 86cedacb5f46baa0d899573f44b67ed659e57f8c4a397992e745365c29099de4262c98f5678d54c66018264958c7821380c185905ffedf83208f1f48859e3829
- SSDEEP: 12288:LZyvbhaDnLMzIL2q+RTdOL8lUzKlXt0nKXRa99uk1UFDuhZCQUKOWkZJJXv/LiQg:GOyqGUL8lV3nXRwuSqQJI
- Async RAT payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext