General
- Target: bd0936130918f160fe94ac409384813d
- Size: 1.1MB
- Sample: 240309-219llsdh41
- MD5: bd0936130918f160fe94ac409384813d
- SHA1: 00f438306e6f79c07e68aade0ca145b2903d2c49
- SHA256: d12ba06e8f066751bccfca444e986dc407ff2f74f4b133507443c7f8bbc091b4
- SHA512: 2add5cece1aaf98844a7b843a1d0db4602320bdd7d28989e6ef3fef4aa00d0f0a05f6aaa15e424a508c620d3b62cdcf45d033d14ab06ef778350691df53e0c65
- SSDEEP: 24576:PcOsBgo0q4wMeBmCmTOUd+L6k9XWGntVaQ9Atep7:PloHMimCm6Ud+z9X/ntc3cp
- Static task: static1
- Behavioral task: behavioral1
- Sample: bd0936130918f160fe94ac409384813d.exe
- Resource: win7-20240221-en
Malware Config
- Extracted: asyncrat
- 0.5.6D
- Game ON
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- 79.134.225.35:6606
- 79.134.225.35:7707
- 79.134.225.35:8808
- vmmfkkwtsgba
- delay: 5
- install: false
- install_folder: %AppData%
Targets
- Target: bd0936130918f160fe94ac409384813d
- Size: 1.1MB
- MD5: bd0936130918f160fe94ac409384813d
- SHA1: 00f438306e6f79c07e68aade0ca145b2903d2c49
- SHA256: d12ba06e8f066751bccfca444e986dc407ff2f74f4b133507443c7f8bbc091b4
- SHA512: 2add5cece1aaf98844a7b843a1d0db4602320bdd7d28989e6ef3fef4aa00d0f0a05f6aaa15e424a508c620d3b62cdcf45d033d14ab06ef778350691df53e0c65
- SSDEEP: 24576:PcOsBgo0q4wMeBmCmTOUd+L6k9XWGntVaQ9Atep7:PloHMimCm6Ud+z9X/ntc3cp
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext