General
Target: ed1516e205dd17247784774d2743ea36da0a590f9fb811b1e347bce7adc86836.zip
Size: 311KB
Sample: 240108-c3bd6ahgdq
MD5: 6aaf6f667b4b9b0b65cb47595f85782d
SHA1: 35fb188d3631fad8dadafc9ef3ed6a2031ca79db
SHA256: 86554e71ff91b337355f749b101dccf1d3d0bd06967425e702cadc69ba6148e1
SHA512: 40ea5c78a2eba7db481549fa4f154d6eadec69b94e7b2a07f24a0d1371a8683081c2200dddbc8e116b109970c8e225e1b9f7088a39467bc44e27aa8c1ada89cf
SSDEEP: 6144:K9A400sJKDOjsehCO5nPUAtkrPPeMw0WXEOxfulSAfu/C0fnRmIxbISEfG:Ky70WK0lhCqnPGeMZ/hlScWXtEO
Static task: static1
Behavioral task: behavioral1
Sample: ed1516e205dd17247784774d2743ea36da0a590f9fb811b1e347bce7adc86836.exe
Resource: win7-20231215-en
Malware Config
Extracted
asyncrat
0.5.7B
FUD
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:3173
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: WindowsSt.exe
install_folder: %AppData%
Targets
Target: ed1516e205dd17247784774d2743ea36da0a590f9fb811b1e347bce7adc86836
Size: 490KB
MD5: 98b95177a6e3021b8c4e705dae0325b3
SHA1: 365621df45abcf55323e5070beed5355cbea76fa
SHA256: ed1516e205dd17247784774d2743ea36da0a590f9fb811b1e347bce7adc86836
SHA512: a0efe7474236aff935267724e7f70677c0acb592c44240d1ea41c4b64a0e7ac0b75f17b77f35f3dd2fce1f43baca5628206f5935ee493c71b6f0d7b0f5dedf93
SSDEEP: 6144:3Vv7ycSFCbmEfGWY+mHk8c7fsv/WmqxHcf27TGGoodt+J5K7Qzpfimlfrp:BhSFCbmY7Y+r9sv/WjW2BxYK7QzpKmX
Async RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE