General
-
Target
b091c3ea9ca2f565dc4455017ea7b7337806ced4a340c993b0135a9e238f5ff8
-
Size
1.4MB
-
Sample
231126-vgs17aaf5w
-
MD5
1d3c46705beab45cb1b080ff24d4549e
-
SHA1
8ebd8e1ffa610939943284daafaeb1e27f35e988
-
SHA256
b091c3ea9ca2f565dc4455017ea7b7337806ced4a340c993b0135a9e238f5ff8
-
SHA512
37e93589c7c01f276d0e34875a06c787006db24e8ba458ac0d21f434252b169eb30d7c5f5e008f1b1a57f1d7829c39d49495c4f7b96e66d6c4aa2d49fc477d36
-
SSDEEP
24576:AmJMORe2zOUaltm9yU0Wd/qcU714D++PdQ+WhOCayUNo9X+aBjJVI1OyJ/:9+Ge2zhaltm9yvcUD4wkyUc7HH
Static task
static1
Behavioral task
behavioral1
Sample
b091c3ea9ca2f565dc4455017ea7b7337806ced4a340c993b0135a9e238f5ff8.exe
Resource
win7-20231020-en
Malware Config
Extracted
asyncrat
0.5.8
Update
6.tcp.eu.ngrok.io:18488
bQQYBRR46lgR
-
delay
3
-
install
true
-
install_file
Update.exe
-
install_folder
%AppData%
Targets
-
-
Target
b091c3ea9ca2f565dc4455017ea7b7337806ced4a340c993b0135a9e238f5ff8
-
Size
1.4MB
-
MD5
1d3c46705beab45cb1b080ff24d4549e
-
SHA1
8ebd8e1ffa610939943284daafaeb1e27f35e988
-
SHA256
b091c3ea9ca2f565dc4455017ea7b7337806ced4a340c993b0135a9e238f5ff8
-
SHA512
37e93589c7c01f276d0e34875a06c787006db24e8ba458ac0d21f434252b169eb30d7c5f5e008f1b1a57f1d7829c39d49495c4f7b96e66d6c4aa2d49fc477d36
-
SSDEEP
24576:AmJMORe2zOUaltm9yU0Wd/qcU714D++PdQ+WhOCayUNo9X+aBjJVI1OyJ/:9+Ge2zhaltm9yvcUD4wkyUc7HH
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-