General
Target: Lana_Rohder_IMG.zip
Size: 322KB
Sample: 231122-jq2txabf9x
MD5: 25b23a0ded50daca59dae1a708a364bc
SHA1: 2e526b866611a6d8650c362aa6fb3a3295c7a699
SHA256: b9a9697b82e9241331c6afe52abb1dd313227c158cc7ffa32ac68c95cd083d28
SHA512: d6ade0f25da9b6e2b0289422c9d2b56c7cbf5307340726c23ecc5d7560400549f3eab67ce0e347ac99141ed72f7a41dc47407b0dabb6a8659857c1e2b10027f1
SSDEEP: 6144:M1ZqZy6ZraZWIUVBjpDL5TdivHY7L4eKpDHHV6x85/NRVyMLUVfLIIm3b:MfqZy69LpH5qY34e+nVE85gjpI3b
Static task: static1

Behavioral task: behavioral1
Sample: Lana_Rohder_IMG.zip
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: Lana_Rohder_IMG.zip
Resource: win10v2004-20231020-en

Behavioral task: behavioral3
Sample: '
Resource: win7-20231020-en

Behavioral task: behavioral4
Sample: '
Resource: win10v2004-20231023-en

Behavioral task: behavioral5
Sample: Lana_Rohder_IMG.vbs
Resource: win7-20231025-en

Behavioral task: behavioral6
Sample: Lana_Rohder_IMG.vbs
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: FUD
C2: 141.95.84.40:4291
Mutex: acw2
Attributes:
  delay: 1
  install: false
  install_folder: %AppData%
Targets

Target: Lana_Rohder_IMG.zip
Size: 322KB
MD5: 25b23a0ded50daca59dae1a708a364bc
SHA1: 2e526b866611a6d8650c362aa6fb3a3295c7a699
SHA256: b9a9697b82e9241331c6afe52abb1dd313227c158cc7ffa32ac68c95cd083d28
SHA512: d6ade0f25da9b6e2b0289422c9d2b56c7cbf5307340726c23ecc5d7560400549f3eab67ce0e347ac99141ed72f7a41dc47407b0dabb6a8659857c1e2b10027f1
SSDEEP: 6144:M1ZqZy6ZraZWIUVBjpDL5TdivHY7L4eKpDHHV6x85/NRVyMLUVfLIIm3b:MfqZy69LpH5qY34e+nVE85gjpI3b
Score: 1/10

Target: '
Size: 697KB
MD5: 2a21115867353c3cb04732f5b175c1d3
SHA1: 076c30b453a4c7684b116f02dc251b0b48b700f9
SHA256: 5a406f27014327ba0a27040e03e7c106a0db28e11cf55679ef711ad8da09f6b8
SHA512: 2bfd8a6199823a355a0945075334a4541743399503c731175c56b6f34af81cd39151d91d140a67211528e21f799c28d1f362f8e09a101b32552d1bf25738a058
SSDEEP: 12288:m+Ep3f1vWkq0c0hjfkACwsu4Qk/CYaw+EKWM3:m+E7WUEpwsu6/CYT+EKv3
Score: 1/10

Target: Lana_Rohder_IMG.vbs
Size: 110KB
MD5: fe59dd4ed289fd64e23704bd445d83c6
SHA1: 895f78cf82753441c83d8acc6028f2af9c9004d2
SHA256: 30d7035471759444c3cc6dc0dcab54245cce7c417382fb56d41d42256dd0c590
SHA512: 475a65b9133f7795cd0df591821cfe2614e5d11e2a947de73fba2dd2dbc02903ffebbf1e4ff3e8f9f680d14e39cb939287f5071a7910d9ff903122bf0c328bf4
SSDEEP: 3072:n03pXdSenFkCum03pvfpp03pp03pp03pA:kSeQr5
Score: 10/10
Signatures:
  Async RAT payload
  Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
  Drops startup file
  Loads dropped DLL
  Registers COM server for autorun
  Suspicious use of SetThreadContext