General
Target: 7fa59a3765d7c03a2e6c51aaac8dbf0b18449625357eae3523a46f048dda6331.zip
Size: 113KB
Sample: 231213-rd4fzafca2
MD5: ea9897a3d25763fb6d966fa414fd5653
SHA1: 176a00b43ac34058ce13c83543c9a18b77f118b1
SHA256: 89e2704e3362f2b31c7cfbfdcf6fd540f71d5375612edf318bbca1098da7cbb6
SHA512: bd809a67d7b597335e4ced1b92142097b0a069195c25d07643a14016410aef83ac383c30c44299822e121cbf32a9c81b75da3e859c648d567f46f96f90dc9860
SSDEEP: 3072:werjyWSLuEeJbYJ2vBuEk6y6nDdLqU9Zmy0Pln:w+yWYuEUYssV4ZqU9Zmy0dn
Static task: static1
Behavioral task: behavioral1
Sample: Scan_06192020.exe
Resource: win7-20231023-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Group: Default
C2: winx.xcapdatap.capetown:6204
Mutex: AsyncMutex_6SI8OkPnk
delay: 3 (seconds the client waits before its first beacon)
install: false (the sample does not copy itself into install_folder)
install_folder: %AppData%
Targets
Target: Scan_06192020.exe
Size: 154KB
MD5: 10c2b3afaeb7fe450852bb55c08f89d1
SHA1: ed5a0fbdd1a380bb5738ff3f03ea3f7b851e33e5
SHA256: 847b3580cba59e7f4b453488c263544f3c481027d2ddf4f9f3988d84afc35c85
SHA512: 709c44292e385c684c1af1e18c49a2f7a82b62faa685fe9226609c67d4e885dc5c3f820954c6c9cb0aa2d73de136070cb13b316ad08501bfe2869b577b858bce
SSDEEP: 3072:bqOQcs8pmp5W4J44tDlsAU/UwtRUsUUc2fjRs+DVs+A1+HX5wsOZ4T3EMXckbNGV:bqLl2V7H6sA4bEMXc4VLvTGc
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry; likely a geofence check. Legitimate software reads this value too, so treat it as corroborating, not conclusive.
Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the classic last step of process hollowing or thread hijacking (a payload is written into a suspended process and execution is redirected to it).
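The extracted config and the two behavioural signatures above are only useful once they are turned into something that can be matched against host telemetry. The following script is an added example, not part of the sandbox report: it normalises the AsyncRAT config listed above (C2 host:port, mutex) into matchers and runs them, together with a check for the GeoID registry lookup, over a few constructed key=value telemetry lines. The registry path HKCU\Control Panel\International\Geo\Nation is an assumption (the report names no key; that value holds the Windows GeoID), and the telemetry format is invented for the example.

```python
"""Match the AsyncRAT config extracted in the report against sample telemetry.
Added example; not code from the sandbox report or from AsyncRAT itself."""
import re

# Values copied from the "Malware Config" section of the report.
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "group": "Default",
    "c2": ["winx.xcapdatap.capetown:6204"],   # host:port; builds may list several
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,                               # seconds before first beacon
    "install": False,                         # no self-copy into install_folder
    "install_folder": "%AppData%",
}

# Registry value behind "Checks computer location settings".
# Assumption: the report names no key; this is the Windows GeoID location.
GEO_NATION_VALUE = r"control panel\international\geo\nation"

# key=value or key="value with spaces" pairs in one telemetry line
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def build_iocs(cfg):
    """Normalise the config into lowercase host/port/mutex matchers."""
    hosts, ports = set(), set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        hosts.add(host.lower())
        ports.add(int(port))
    return {"hosts": hosts, "ports": ports, "mutex": cfg["mutex"].lower()}


def parse_event(line):
    """Parse one key=value telemetry line into a dict with lowercased values."""
    return {k: v.strip('"').lower() for k, v in _KV.findall(line)}


def match_event(ev, iocs):
    """Return the names of the rules a single parsed event triggers."""
    rules = []
    # Strong signal: outbound connection to the configured C2 host AND port.
    port = ev.get("destport", "")
    if ev.get("desthost") in iocs["hosts"] and port.isdigit() \
            and int(port) in iocs["ports"]:
        rules.append("asyncrat_c2_connect")
    # Strong signal: the hard-coded mutex (may carry a session-path prefix).
    if ev.get("mutex", "").endswith(iocs["mutex"]):
        rules.append("asyncrat_mutex")
    # Weak signal: GeoID lookup; benign software reads it too, so corroborating only.
    if ev.get("regkey", "").endswith(GEO_NATION_VALUE):
        rules.append("geo_nation_lookup")
    return rules


def scan(lines, iocs):
    """Map each image to the sorted rules it triggered; empty dict if nothing matched."""
    hits = {}
    for line in lines:
        ev = parse_event(line)
        for rule in match_event(ev, iocs):
            hits.setdefault(ev.get("image", "?"), set()).add(rule)
    return {img: sorted(r) for img, r in hits.items()}


# Constructed telemetry in a simplified key=value form (not real sandbox output).
SAMPLE_TELEMETRY = [
    'type=regread image="c:\\users\\user\\scan_06192020.exe" regkey="hkcu\\control panel\\international\\geo\\nation"',
    'type=mutex image="c:\\users\\user\\scan_06192020.exe" mutex="\\sessions\\1\\basenamedobjects\\asyncmutex_6si8okpnk"',
    'type=netconn image="c:\\users\\user\\scan_06192020.exe" desthost=winx.xcapdatap.capetown destport=6204',
    'type=netconn image="c:\\windows\\explorer.exe" desthost=update.example.net destport=6204',
    'type=regread image="c:\\windows\\explorer.exe" regkey="hkcu\\control panel\\international\\geo\\nation"',
]

if __name__ == "__main__":
    for image, rules in scan(SAMPLE_TELEMETRY, build_iocs(ASYNCRAT_CONFIG)).items():
        print(image, rules)
```

Run as shown, the sample binary's process matches all three rules while explorer.exe only trips the weak GeoID rule: the port-only match on 6204 is deliberately not enough, because the C2 rule requires host and port together.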