General
Target: bd9d3da2c7a63a88c44c8857fb285062
Size: 2.5MB
Sample: 240310-emrgjsbg69
MD5: bd9d3da2c7a63a88c44c8857fb285062
SHA1: 4e6dc23cb739abb7f926daa22096832da8d4fcd3
SHA256: 9c32dfe9366cd900b272ce625381572ad85be6d6fd1c452e48c2b289103522f1
SHA512: dcf16eb637a20a7192322bf0e28346ae73c2b47da60610233b57a48bc38927139b206ff67bed3a0fd1fbf0b66a0a0264c316df22df0cd5c278359ed31c9b4184
SSDEEP: 49152:X5k3D1W2tOnUN7+b+/2RqOaRtm2jc7MYuKVpZebnlT1c+Hc+9u/Sm1M:X5i1JtOuSS/2L6t/4Zu4van7zzn5
Static task: static1
Behavioral task: behavioral1
Sample: bd9d3da2c7a63a88c44c8857fb285062.exe
Resource: win7-20240221-en
Malware Config
Extracted: asyncrat
0.5.4H
extiqtrzeqtxqjoa
delay: 0
install: true
install_file: scvhost.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/X37Jy9jA
Targets
Target: bd9d3da2c7a63a88c44c8857fb285062
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2