General
-
Target
a8884d5c23826a156a79a2e40ddbc10f.exe
-
Size
1.2MB
-
Sample
240404-ynna3agg7x
-
MD5
a8884d5c23826a156a79a2e40ddbc10f
-
SHA1
17ba269221f5e728a768f0e19bd1acf8759f44ac
-
SHA256
821900f5cf0981a062d0683d5a5905ce407a035d9e0ab7ee0bd110a7403321d1
-
SHA512
8f14f18e84aac4643655994e6d11d1c166607beadbecc9cc969afa0a5e5881df4cf3c74c77f1de092240369e0922da52574108a358b04a3043d450a77191fedd
-
SSDEEP
1536:67ja7Fg3dR05lpUFpILxwr1088AEUHXTit6oAfMOnYZm/ZMp+E1U793K7nadtU4s:6QiRGpUcwrXLEKXTToMMIYU60gqtU4s
Static task
static1
Behavioral task
behavioral1
Sample
a8884d5c23826a156a79a2e40ddbc10f.exe
Resource
win7-20240215-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
RAT15
darkstorm275991.ddns.net:6606
darkstorm275991.ddns.net:7707
darkstorm275991.ddns.net:8808
mrreport.duckdns.org:6606
mrreport.duckdns.org:7707
mrreport.duckdns.org:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
Windows Session Manager.exe
-
install_folder
%AppData%
Targets
-
-
Target
a8884d5c23826a156a79a2e40ddbc10f.exe
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-