General

Target: bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73.exe
Size: 1.0MB
Sample: 240405-b38tzshd87
MD5: 2fd0387cb9fa37855f8a9c196c115131
SHA1: 3a1b1f53e4a57a622a82ee6d149792fd7c212a13
SHA256: bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73
SHA512: 1fe92302bba86858e989203fc8826a4bd326226b7025d32be946f59a9035cc17d0734c50d724c560a288311ed1d4f07824c30e456988ab2e5b7432eb4d47a095
SSDEEP: 12288:2fk2b3JKzOdEtjBA0zg1fA3UOaCl114p1xOAKSkjdrhV0DyqPod4/oADOUltRTrJ:q7LAzOd+jBhzkfhOaq11qIx5IrooVY4

Static task: static1
Behavioral task: behavioral1
Sample: bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73.exe
Resource: win7-20240221-en

Malware Config

Extracted: asyncrat
Version: 3LOSH RAT
Botnet: RAT10
C2:
darkstorm275991.ddns.net:6606
darkstorm275991.ddns.net:7707
darkstorm275991.ddns.net:8808
mrreport.duckdns.org:6606
mrreport.duckdns.org:7707
mrreport.duckdns.org:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: Microsoft.exe
install_folder: %AppData%

Targets

Target: bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73.exe
Size: 1.0MB
MD5: 2fd0387cb9fa37855f8a9c196c115131
SHA1: 3a1b1f53e4a57a622a82ee6d149792fd7c212a13
SHA256: bd54c2a5e07d4c0df9cb844d8a952ba3746dc1761d833a710d33309f75539e73
SHA512: 1fe92302bba86858e989203fc8826a4bd326226b7025d32be946f59a9035cc17d0734c50d724c560a288311ed1d4f07824c30e456988ab2e5b7432eb4d47a095
SSDEEP: 12288:2fk2b3JKzOdEtjBA0zg1fA3UOaCl114p1xOAKSkjdrhV0DyqPod4/oADOUltRTrJ:q7LAzOd+jBhzkfhOaq11qIx5IrooVY4

Signatures

Async RAT payload
Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
Detects executables packed with ConfuserEx Mod
Detects files containing reversed ASEP Autorun registry keys
UPX dump on OEP (original entry point)
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Drops startup file
Executes dropped EXE
Loads dropped DLL
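The extracted config and the behavioural signatures above translate directly into host and network indicators a responder can hunt for: the C2 hostnames and ports, the mutex, the install_file dropped and executed from %AppData%, and the registry read behind the "Checks computer location settings" signature. The following is an added example, not part of this report and not sandbox tooling: a small Python matcher that runs those indicators over constructed key=value log lines. The log format and every log line are constructed for the example. The registry key used for the geofence check is an assumption about where Windows keeps the configured country (the Nation value under Control Panel\International\Geo), not something the report states.

```python
import re
from collections import Counter

# Indicators copied from the extracted AsyncRAT (3LOSH RAT) config on this page.
C2_ENDPOINTS = {
    ("darkstorm275991.ddns.net", 6606), ("darkstorm275991.ddns.net", 7707),
    ("darkstorm275991.ddns.net", 8808), ("mrreport.duckdns.org", 6606),
    ("mrreport.duckdns.org", 7707), ("mrreport.duckdns.org", 8808),
}
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FILE = "Microsoft.exe"  # install_file from the config, dropped under %AppData%
# Assumption (not stated on the page): the "country code in the registry" read by the
# geofence signature is the Nation value under this key.
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Constructed log lines (not real telemetry) in a simple key=value format;
# values containing spaces are double-quoted.
SAMPLE_LOG = r'''
kind=file path=C:\Users\bob\AppData\Roaming\Microsoft.exe op=create
kind=registry key="HKCU\Control Panel\International\Geo" value=Nation op=read
kind=mutex name=AsyncMutex_6SI8OkPnk op=create
kind=process image=C:\Users\bob\AppData\Roaming\Microsoft.exe pid=2140 parent=explorer.exe
kind=dns query=darkstorm275991.ddns.net. answer=203.0.113.10
kind=network dst_host=darkstorm275991.ddns.net dst_port=6606 proto=tcp
kind=process image="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" pid=3388
kind=network dst_host=mrreport.duckdns.org dst_port=443 proto=tcp
'''

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return the key=value pairs of one log line as a dict."""
    return {key: (quoted or bare) for key, quoted, bare in _KV.findall(line)}


def _is_install_path(path):
    """True if path is the config's install_file inside %AppData% (Roaming)."""
    p = path.replace("/", "\\").lower()
    in_appdata = "\\appdata\\roaming\\" in p or p.startswith("%appdata%\\")
    return in_appdata and p.rsplit("\\", 1)[-1] == INSTALL_FILE.lower()


def _port(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def match_event(fields):
    """Return the list of indicator names that one parsed event matches."""
    kind = fields.get("kind")
    hits = []
    if kind == "file" and _is_install_path(fields.get("path", "")):
        hits.append("asyncrat_install_file_dropped")
    if kind == "process" and _is_install_path(fields.get("image", "")):
        hits.append("asyncrat_install_file_executed")
    if kind == "mutex" and fields.get("name") == MUTEX:
        hits.append("asyncrat_mutex")
    if kind == "dns" and fields.get("query", "").lower().rstrip(".") in C2_HOSTS:
        hits.append("asyncrat_c2_dns_lookup")
    if kind == "network":
        host = fields.get("dst_host", "").lower().rstrip(".")
        if host in C2_HOSTS:
            # Any contact with the attacker-registered dynamic-DNS name is a hit;
            # the configured ports narrow it to this particular config.
            hits.append("asyncrat_c2_host_contact")
            if (host, _port(fields.get("dst_port"))) in C2_ENDPOINTS:
                hits.append("asyncrat_c2_endpoint")
    if (kind == "registry" and fields.get("key", "").lower() == GEO_KEY.lower()
            and fields.get("value", "").lower() == "nation"):
        hits.append("geofence_registry_read")
    return hits


def scan_log(text):
    """Return [(line_no, hits)] for every log line matching at least one indicator."""
    results = []
    for no, line in enumerate(text.strip().splitlines(), 1):
        hits = match_event(parse_line(line))
        if hits:
            results.append((no, hits))
    return results


def summarize(text):
    """Count how many log lines hit each indicator."""
    return Counter(h for _, hits in scan_log(text) for h in hits)


if __name__ == "__main__":
    for no, hits in scan_log(SAMPLE_LOG):
        print(f"line {no}: {', '.join(hits)}")
    print(dict(summarize(SAMPLE_LOG)))
```

Two design points worth noting: the install path check requires the exact install_file name under the Roaming profile, so a Microsoft.exe elsewhere does not fire, and the network check reports the dynamic-DNS hostname on any port but only tags the configured endpoint when the port matches, since ddns.net and duckdns.org names are reused across campaigns and the 6606/7707/8808 triple is what ties a connection to this config.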