General
-
Target
2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935.exe
-
Size
155KB
-
Sample
240207-zse1xscecq
-
MD5
a2be5a2407107605033f2bd305be2e40
-
SHA1
0cc699e4c019627527777744903f75bc2494ef3a
-
SHA256
2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935
-
SHA512
ff211c693680df1ca81a7858dd647afc5cc0be093b985d9c3b20a1693bff069c260e66e2421b79e0711634baed2c6f12a1d905029e82e409c8368c0590bd9b6a
-
SSDEEP
768:8fvdWST3xRbyApqHuDlOHTjXhDnyokke5dfED1ns7csFOyh1cccccccccccgccc8:UvdWSVRVDlOzjRzrksAOUOMv
Static task
static1
Behavioral task
behavioral1
Sample
2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935.exe
Resource
win7-20231215-en
Malware Config
Extracted
Family
asyncrat
-
Version
3LOSH RAT
-
Botnet
test
-
C2
xfreddy2751.duckdns.org:6606
xfreddy2751.duckdns.org:7707
xfreddy2751.duckdns.org:8808
darkstorm275991.ddns.net:6606
darkstorm275991.ddns.net:7707
darkstorm275991.ddns.net:8808
-
Mutex
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
License.exe
-
install_folder
%AppData%
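The configuration block above is the actionable part of this report: two dynamic-DNS hostnames, the three default AsyncRAT ports, the mutex, and an install flag that is off. The following Python is an added example, not part of the sandbox report, that turns those values into a C2 host/port set, flags the dynamic-DNS hosting, works out whether a dropped copy should be expected, and matches constructed Zeek-style dns.log and conn.log lines against the C2 set. The DYNDNS_SUFFIXES list and the log excerpts are assumptions made for the demonstration; the config values are copied from the report.

```python
"""Hunt for the C2 and persistence indicators in the AsyncRAT config above.

Added example, not part of the sandbox report. The config values are copied
from the report; the Zeek-style log excerpts are constructed for the demo.
"""

# Values as listed under Malware Config.
ASYNCRAT_CONFIG = {
    "c2": [
        "xfreddy2751.duckdns.org:6606",
        "xfreddy2751.duckdns.org:7707",
        "xfreddy2751.duckdns.org:8808",
        "darkstorm275991.ddns.net:6606",
        "darkstorm275991.ddns.net:7707",
        "darkstorm275991.ddns.net:8808",
    ],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_file": "License.exe",
    "install_folder": "%AppData%",
}

# Dynamic-DNS suffixes worth flagging; a starter list (assumption), extend it.
DYNDNS_SUFFIXES = (".duckdns.org", ".ddns.net", ".no-ip.org", ".hopto.org")


def parse_c2(entries):
    """Return a set of (host, port) from 'host:port' strings; skip malformed ones."""
    pairs = set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if sep and host and port.isdigit():
            pairs.add((host.lower(), int(port)))
    return pairs


def c2_hosts(cfg=ASYNCRAT_CONFIG):
    return {host for host, _ in parse_c2(cfg["c2"])}


def c2_ports(cfg=ASYNCRAT_CONFIG):
    return {port for _, port in parse_c2(cfg["c2"])}


def is_dyndns(host):
    return host.lower().endswith(DYNDNS_SUFFIXES)


def expected_persistence_path(cfg=ASYNCRAT_CONFIG):
    """Where the dropped copy would live if the 'install' flag were set.

    With install=false, as in this sample, the installer routine does not
    create a copy under %AppData%, so do not hunt for that file."""
    if not cfg["install"]:
        return None
    return cfg["install_folder"] + "\\" + cfg["install_file"]


# Constructed Zeek-style excerpts: dns.log (ts, client, query, qtype, answer)
# and conn.log (ts, src, dst, dport, proto), tab separated.
SAMPLE_DNS_LOG = """\
1707300001.1\t10.0.0.5\txfreddy2751.duckdns.org\tA\t203.0.113.7
1707300002.2\t10.0.0.5\tupdate.microsoft.com\tA\t13.107.4.50
1707300003.3\t10.0.0.9\tDarkstorm275991.ddns.net\tA\t198.51.100.23
"""
SAMPLE_CONN_LOG = """\
1707300004.0\t10.0.0.5\t203.0.113.7\t6606\ttcp
1707300005.0\t10.0.0.5\t13.107.4.50\t443\ttcp
1707300006.0\t10.0.0.9\t198.51.100.23\t8808\ttcp
1707300007.0\t10.0.0.3\t192.0.2.10\t6606\ttcp
"""


def match_dns(log_text, cfg=ASYNCRAT_CONFIG):
    """Return (client, query, answer) for lookups of a configured C2 host."""
    hosts = c2_hosts(cfg)
    hits = []
    for line in log_text.splitlines():
        _ts, client, query, _qtype, answer = line.split("\t")
        if query.lower() in hosts:
            hits.append((client, query, answer))
    return hits


def match_conn(log_text, dns_hits, cfg=ASYNCRAT_CONFIG):
    """Return (src, dst, dport) for connections to a resolved C2 IP on a C2 port.

    6606/7707/8808 are AsyncRAT's default ports, so matching on port alone is
    noisy; requiring the destination IP to be one the C2 name resolved to keeps
    the last sample line (a different host on 6606) out of the results."""
    ports = c2_ports(cfg)
    c2_ips = {answer for _, _, answer in dns_hits}
    hits = []
    for line in log_text.splitlines():
        _ts, src, dst, dport, _proto = line.split("\t")
        if dst in c2_ips and int(dport) in ports:
            hits.append((src, dst, int(dport)))
    return hits
```

Because the C2 names sit on dynamic-DNS providers, their A records can change between the sandbox run and your hunt; that is why `match_conn` takes the IPs from your own DNS logs rather than from the report, and why blocking the hostnames is more durable than blocking today's addresses.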
Targets
-
Target
2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935.exe
-
Size
155KB
-
MD5
a2be5a2407107605033f2bd305be2e40
-
SHA1
0cc699e4c019627527777744903f75bc2494ef3a
-
SHA256
2e4db0c8f13972267a53d6d51befde14f0239e35bd0cc3fe60404b5ace7a1935
-
SHA512
ff211c693680df1ca81a7858dd647afc5cc0be093b985d9c3b20a1693bff069c260e66e2421b79e0711634baed2c6f12a1d905029e82e409c8368c0590bd9b6a
-
SSDEEP
768:8fvdWST3xRbyApqHuDlOHTjXhDnyokke5dfED1ns7csFOyh1cccccccccccgccc8:UvdWSVRVDlOzjRzrksAOUOMv
-
Detect ZGRat V1
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects executables packed with ConfuserEx Mod
-
Detects file containing reversed ASEP Autorun registry keys
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
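The "reversed ASEP Autorun registry keys" signature above fires on a common string-hiding trick: the binary stores an autostart key path such as CurrentVersion\Run backwards and reverses it at runtime, so a plain string scan never sees the key. The Python below is an added example of how such a check is built, not the sandbox's own rule. It scans a byte blob for the reversed form of a small starter list of ASEP keys in both ASCII and UTF-16LE (the latter matters here because the sample is a ConfuserEx-packed .NET binary and .NET string literals are UTF-16LE), case-insensitively. The key list and the two sample blobs are constructed for the demonstration.

```python
"""Find reversed ASEP (autostart) registry key strings in a binary.

Added example illustrating the signature above; not the sandbox's own rule.
The key list is a small starter set and the sample blobs are constructed.
"""
import re

# Keys commonly abused for persistence; stored reversed by the malware so a
# plain string scan for "CurrentVersion\Run" sees nothing.
ASEP_KEYS = [
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
]


def reversed_patterns(keys=ASEP_KEYS):
    """Compile one case-insensitive regex per (key, encoding) for the reversed key.

    Both ASCII and UTF-16LE are covered because .NET binaries store string
    literals as UTF-16LE; IGNORECASE on a bytes pattern folds the ASCII
    letter bytes, which also works for the letter/NUL pairs of UTF-16LE."""
    patterns = []
    for key in keys:
        reversed_key = key[::-1]
        for encoding in ("ascii", "utf-16le"):
            needle = re.escape(reversed_key.encode(encoding))
            patterns.append((key, encoding, re.compile(needle, re.IGNORECASE)))
    return patterns


def scan_bytes(data, keys=ASEP_KEYS):
    """Return sorted (offset, key, encoding) for every reversed key found."""
    hits = []
    for key, encoding, pattern in reversed_patterns(keys):
        for match in pattern.finditer(data):
            hits.append((match.start(), key, encoding))
    return sorted(hits)


def scan_file(path, keys=ASEP_KEYS):
    """Scan a file on disk; returns the same tuples as scan_bytes."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), keys)


def _reversed_blob(key, encoding):
    return key[::-1].encode(encoding)


# Constructed samples: a "malicious" blob with a reversed Run key in ASCII
# (lower-cased, to show the match is case-insensitive) and a reversed Winlogon
# key in UTF-16LE, and a "benign" blob that only has the forward key text.
MALICIOUS_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + _reversed_blob(ASEP_KEYS[0], "ascii").lower()
    + b"\x00" * 8
    + _reversed_blob(ASEP_KEYS[2], "utf-16le")
    + b"\x00" * 8
)
BENIGN_BLOB = b"MZ\x90\x00" + ASEP_KEYS[0].encode("utf-16le") + b"\x00" * 8
```

A hit is a triage lead, not proof of persistence on its own: this sample's extracted config has install set to false, so the reversed key text may belong to a code path that never runs with this configuration. Confirm with the sandbox's registry events or a live run before treating the key as an indicator.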