General
- Target: 940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701
- Size: 6KB
- Sample: 231124-hp6wsshd6t
- MD5: a75b85a9502a6933aa0a9873ac3a6df0
- SHA1: b477e4eb9df62f6e3e80a6e3e54b4d2812c842ed
- SHA256: 940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701
- SHA512: cdb238f48c60f92dc7896c7f5d6d4ea52499e918740c782092b59fbb96e0a1369ceb63be82c28c45683efae0480a94ee6369bbd10408907b24d15232e053bce7
- SSDEEP: 96:779Gll3VI2BG3axVYVGrUqD73T8j/nziMTXud3ojMXrl:H9G/33BGuUqDTT8j/nugudF
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- MicrosoftEdg
- 46.1.103.69:9371
- MicrosoftEdg
- delay: 3
- install: false
- install_file: MicrosoftEdge
- install_folder: %AppData%
Targets
- Target: 940d2c9ae3f5545cd6ec398089907f79c34e0c4341a23d2d2aaa7716378f3701 (size and hashes as listed under General)
- Score: 10/10
Signatures
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext