General
- Target: Infected.exe
- Size: 9.0MB
- Sample: 240126-3ajg6shgcr
- MD5: add49a4fbe84b5e5925c278f50d212a5
- SHA1: 194c8f74726c7c80cd2dbc5b1971d61bb0b5d079
- SHA256: b66c361415efd36f60551d8947123ea937b6adc29accc299fd2e98db143202e4
- SHA512: c1121c07cd7bc1b4a20e8e0c85a4f84d8bc4a0a69f44b595340f9e8fa2fcc69a5cdb358306462bd78afe77fa544d8b01420afe2968de5b26e0ca2f937063a913
- SSDEEP: 1536:DY+Q+tdSJYUbdh9gBtdluXpCQ5ppqKmY7:DrtYYUbdwtI5yz
Malware Config
- Extracted: asyncrat
- Default
- delay: 1
- install: true
- install_file: WinChecker.exe
- install_folder: %Temp%
Targets
- Target: Infected.exe
- Size: 9.0MB
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.