General
-
Target
test.exe
-
Size
63KB
-
Sample
240102-m4wrlaeehm
-
MD5
dbae7f28a979f484c12c8c92296cd395
-
SHA1
6df8059bf64596a7c3b143e236f28cab457cbf5b
-
SHA256
fe404c8344b09746442737bcc3ea63ec8bb38a6d96d3d549aafbcb5428efae7b
-
SHA512
468e5b3e919272657437116474935c925db1970db5483bdd88b049abd955be12163e32a89ed3cbe3ed5d7932cafe66cdb18718914677e1744f7299c040302703
-
SSDEEP
768:iil3pYNlrm78RIC8A+XjOpeyr61urX1+T4uoSBGHmDbDTph0oX/jES4ryYSu4dph:Dyr0In0tYUbJh9/jgau4dpqKmY7
Behavioral task
behavioral1
Sample
test.exe
Resource
win11-20231215-en
Malware Config
Extracted
asyncrat
Default
146.70.129.19:38371
RDKMYv迪ΔW艾RΗxC伊1Yd伊רE6L
-
delay
1
-
install
true
-
install_file
kokot.exe
-
install_folder
%AppData%
Targets
-
-
Target
test.exe
-
Size
63KB
-
MD5
dbae7f28a979f484c12c8c92296cd395
-
SHA1
6df8059bf64596a7c3b143e236f28cab457cbf5b
-
SHA256
fe404c8344b09746442737bcc3ea63ec8bb38a6d96d3d549aafbcb5428efae7b
-
SHA512
468e5b3e919272657437116474935c925db1970db5483bdd88b049abd955be12163e32a89ed3cbe3ed5d7932cafe66cdb18718914677e1744f7299c040302703
-
SSDEEP
768:iil3pYNlrm78RIC8A+XjOpeyr61urX1+T4uoSBGHmDbDTph0oX/jES4ryYSu4dph:Dyr0In0tYUbJh9/jgau4dpqKmY7
-
Async RAT payload
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Renames multiple (3150) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Sets desktop wallpaper using registry
-