General
- Target: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
- Size: 679KB
- Sample: 240217-evrsaaag2y
- MD5: 170ed51ddb22cd75bf0fa4fa2a1bb6c4
- SHA1: 2e74fd6be27a77a883208db0d09524f15dfa7d00
- SHA256: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d
- SHA512: ac43b87484e0158b24c5c2a65ca6ab394b0b1bae62b03fb28588749066f04520ac10c6307bb45bf334d18a81c3a2b6ae68107b330e134a273f60e12d1c612865
- SSDEEP: 12288:ijWQ4W3K9jGCN0TPsnAH7UA51BlkOUCIV/VKMSiyyjK:7AK96jXQA51BCObIVNKMd8
Static task: static1
Behavioral task: behavioral1
- Sample: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
- Resource: win7-20231215-en
Malware Config
Extracted: asyncrat
3LOSH RAT
2024
rat.loseyourip.com:6606
rat.loseyourip.com:7707
rat.loseyourip.com:8808
Async_2024
- delay: 3
- install: true
- install_file: csrss.exe
- install_folder: %Temp%
Targets
- Target: 2de5faa16c405e6a3bc14b9d31a82cc389290066b36ed8f0d99d7cd53b1b1d1d.exe
- Size: 679KB
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables packed with SmartAssembly
- Detects file containing reversed ASEP Autorun registry keys
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext