General
Target: panel 1.1.exe
Size: 2.7MB
Sample: 240406-1kdcssce54
MD5: 9c993d304248ac9ceb1e56efe2fd80c8
SHA1: eeb77ea65eb7627ddda401954f835d4cee4e9651
SHA256: b18cb5f31c2f5a29ebe171e68bf414b8168959d12d36a9e5ad7a58c04beaf125
SHA512: 0e73895fde1dcf7258033d1ada084e0619e535f8c9470ea9baf7f692b290d5cd0515d6cc3039c58776c139e395ee03f925dd648184f8ae8090a68c9d7fad67f7
SSDEEP: 49152:sI8KwvIjwTIu3XAhQ+TOYMCDy+/uvgDOMnodkyB5UGD5LM8VUrH:s1KwvO0XAHOyucOModkyB5D7VUj
Static task: static1
Behavioral task: behavioral1
Sample: panel 1.1.exe
Resource: win7-20240221-en
Malware Config
Extracted
asyncrat
| Edit 3LOSH RAT
RAT5
darkstorm275991.ddns.net:6606
darkstorm275991.ddns.net:7707
darkstorm275991.ddns.net:8808
mrreport.duckdns.org:6606
mrreport.duckdns.org:7707
mrreport.duckdns.org:8808
AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: Microsoft.exe
install_folder: %AppData%
Targets
Target: panel 1.1.exe
Async RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL