General
-
Target
63b9655e7ae47fa38af210f22a5890af
-
Size
922KB
-
Sample
240117-1y2bsagba3
-
MD5
63b9655e7ae47fa38af210f22a5890af
-
SHA1
19f5285b9ccafec85daa6b9eea6ecb273347740c
-
SHA256
60c4efdd576765b4185a0d229ad580e53cdd7a4f160eb521128c1c50694ebec6
-
SHA512
27923a2f5726b6871578a5511fa4746c10f5357442eed1103ed166bd7a6d12496642455dc11fadbc743520e8d8e1b390e7d496006cc6cbf6b09c9b10360260ff
-
SSDEEP
12288:4vtIveNylZn+InT+AN/d3Xho5oBoRoDoyo34VHGZfbRMpoSKHCqMaMI2puE1:YIm0l93/d3y5K64J5VHYsoEqrMIa
Static task
static1
Behavioral task
behavioral1
Sample
63b9655e7ae47fa38af210f22a5890af.exe
Resource
win7-20231215-en
Malware Config
Extracted
asyncrat
0.5.6D
Default
79.134.225.22:7734
vjmozdcdfndy
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
63b9655e7ae47fa38af210f22a5890af
-
Size
922KB
-
Async RAT payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-