General
Target: tmp
Size: 2.1MB
Sample: 231207-g6sj3ahfcq
MD5: e18397f25b87a6f58b9c226e8e9ea03f
SHA1: add05b6925225f6450fac5022d0959c722a57a5d
SHA256: 9bbff8a558332514842fc08308705cecc41c4867511d4a0e6622a321c7041900
SHA512: 8dc167e97f3c897d5c8d4319e1fb6eca1e71d3992a2263be8461c469ae43a2136c2864bc897502ef05b47182b5bdfc7a041943b9e0e624531a4d9d4d0438f922
SSDEEP: 6144:YYRlal53xl2QVZzNy1smH33GOUlVe2R93p8E+epjNfO/VJC+aoUOTyd/94d1qiMN:e5Pdzh
Static task: static1

Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20231130-en

Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2:
- 91.92.247.161:5531
- 91.92.247.123:5531
- 91.92.247.96:5531
Mutex: LAFnioqwfOASDjiqwfqfwdsv
delay: 3
install: false
install_folder: %AppData%
Targets
Target: tmp
Size: 2.1MB
MD5: e18397f25b87a6f58b9c226e8e9ea03f
SHA1: add05b6925225f6450fac5022d0959c722a57a5d
SHA256: 9bbff8a558332514842fc08308705cecc41c4867511d4a0e6622a321c7041900
SHA512: 8dc167e97f3c897d5c8d4319e1fb6eca1e71d3992a2263be8461c469ae43a2136c2864bc897502ef05b47182b5bdfc7a041943b9e0e624531a4d9d4d0438f922
SSDEEP: 6144:YYRlal53xl2QVZzNy1smH33GOUlVe2R93p8E+epjNfO/VJC+aoUOTyd/94d1qiMN:e5Pdzh
Score: 10/10

Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext