General
Target: 0dda2fcee8bec9941a9cf9c5bd866f10.bin
Size: 32KB
Sample: 240405-bdmkfsgc89
MD5: 3958f8abc47a8313deb563b33a7c4fb8
SHA1: 6d4391cf0e9592bf031a72577bb62966c6cfc841
SHA256: 59ee98956a0a1b1302ca6dfda4eaf1b37804a5a03334ccc12d782933d70f7eed
SHA512: c2a8d9d16edba975918aad8dd469cc7cfee554878c7411d060db5bdef0533bc72141e62dede3db0f4a12a8e3c60796588f737d60871c2ecb42ba8a232c404130
SSDEEP: 768:pkEzyZHROMyrb0WwCXsmqkRr7T51W2rwUyNwt1GByn8Fh7JEE4uPDZ:SEzyDPk5smqkx7dUgwe7GjN8+DZ
Behavioral task
behavioral1
Sample: 5732891fc200a9a59fdf3b2f96d5977152d1b76eb7220c8fcb28fc476945cddc.exe
Resource: win7-20240221-en
Malware Config
Extracted
asyncrat
3LOSH RAT
RAT15
darkstorm275991.ddns.net:6606
darkstorm275991.ddns.net:7707
darkstorm275991.ddns.net:8808
mrreport.duckdns.org:6606
mrreport.duckdns.org:7707
mrreport.duckdns.org:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: Windows Session Manager.exe
install_folder: %AppData%
Targets
Target: 5732891fc200a9a59fdf3b2f96d5977152d1b76eb7220c8fcb28fc476945cddc.exe
Size: 66KB
MD5: 0dda2fcee8bec9941a9cf9c5bd866f10
SHA1: 29dba01814ef258f12fc06f9771f8e795e0337af
SHA256: 5732891fc200a9a59fdf3b2f96d5977152d1b76eb7220c8fcb28fc476945cddc
SHA512: 030eee3ec291fe9a5bf7b6ab1155a853eec01dc13b7319e198872c3af8826f084dda7c60955daf5e893515a528485fadf62e1ad404060b664cecddb0093ed362
SSDEEP: 1536:42MX66CQkCANKu/UYF9VCFCfn2W4bpfbPkgZIcrPlTGRG:42I66CQk7Ku/UYFOEd4bpzsgZIcdqG
Async RAT payload
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL