General
-
Target
6cf9a842721723f290f0042dbfc39f52
-
Size
623KB
-
Sample
240121-lmvbrsaefq
-
MD5
6cf9a842721723f290f0042dbfc39f52
-
SHA1
0fcf58d31a0a3eb64872b7a9bbf5dccea47f227b
-
SHA256
7a46b5a9e5ca439c490aab43bf8b440d6814042240d917aba8386aaf72fd1586
-
SHA512
1067a0f0c4b11c8e8a5766815243e07968b5d6fe8ba8bcbe08746301a4012c37a5ed7b7300f2cacf30fcf9ceb8d920e1f94a19eb3322916107c66d45b47e1ae8
-
SSDEEP
12288:cTwqT3DxIlIOe2KzC2Kxb5OGdWduMyVnGRfX2cpUw:Y1DClq2KzCpx1bdiuM2nGRv2
Static task
static1
Behavioral task
behavioral1
Sample
6cf9a842721723f290f0042dbfc39f52.exe
Resource
win7-20231215-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
exportmunic007.duckdns.org:6606
exportmunic007.duckdns.org:7707
exportmunic007.duckdns.org:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
6cf9a842721723f290f0042dbfc39f52
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-