General
-
Target
7e1215a9250f2f1b21c282a7541301f0
-
Size
1.2MB
-
Sample
240128-1h6assafe2
-
MD5
7e1215a9250f2f1b21c282a7541301f0
-
SHA1
87247624bb152570a9976cb3e4dca23719e247e7
-
SHA256
5b85e8c3a111fa974d3a497f58e28dc2be93ec6db391547746076d8e0b4ad1a1
-
SHA512
e6c7610ea2597cf1899124ebe29c4a3c946876e9f667b1e6485e3d9249e26ebcdcf07fd4437de05445d8ccf221ed1c8f6365a14c7b5463a3baa4eb3a0441002f
-
SSDEEP
12288:VH7Z5lJvrpJlZGHMkm4+buL9/0EFMtnVipIXAYfGlWjuzlZcjo1qT3MS:5rAMkmw2EFMLoIhPuzlZcjosT3MS
Static task
static1
Behavioral task
behavioral1
Sample
7e1215a9250f2f1b21c282a7541301f0.exe
Resource
win7-20231215-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
mariarizazapata09.duckdns.org:1884
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
7e1215a9250f2f1b21c282a7541301f0
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-