Sample
https://cdn.discordapp.com/attachments/1222998318163034124/1225703295692177408/Infected.rar?ex=66221826&is=660fa326&hm=5d227b4e8463171302af8cdd13489171c5550151e20e719b2b8bff41baf008cb&
Resource
win10v2004-20240226-en
Malware Config
Extracted
- asyncrat
- $$
- 127.0.0.1:41414
- authority-amazon.gl.at.ply.gg:41414
- Ζ贼KרSmDS0伊t7שZOEwtωDfO
- delay: 1
- install: true
- install_file: Discord .exe
- install_folder: %AppData%
Targets
- Target: https://cdn.discordapp.com/attachments/1222998318163034124/1225703295692177408/Infected.rar?ex=66221826&is=660fa326&hm=5d227b4e8463171302af8cdd13489171c5550151e20e719b2b8bff41baf008cb&
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.