General
-
Target
TPSPoxR1tjvrw3nqDARFwixDWzQkPxHBxmBosA17.zip
-
Size
483KB
-
Sample
240407-wjq52sad3v
-
MD5
194c188093dcc132a8deea7b0dad1f2c
-
SHA1
d52b99d85b91aa1fbdfe4afbb25d099539108380
-
SHA256
83d1269b87125006ff08fd7d99a1e5b1fd62e9769848d9912853f4e56cb6ebff
-
SHA512
dbb761c7e3210103ffd9aa1bf3c95eec5dcb47bcb8532635c3d4ebe5e0ca40e0f4e5e53cad880f5253b4009ef4bdc162be2c0545a95692beaef2840aa522c220
-
SSDEEP
12288:FFT5Lc95Y6ynYHofdfppn4UJctToWkzGnp:FWPynYIfdxmU6cGp
Malware Config
Extracted
asyncrat
Default
Δ2cΕmVO比L西IVurs诶Eש8
-
delay
1
-
install
true
-
install_file
svchost.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/z5PQ82wE
Targets
-
-
Target
Defender_Settings.vbs
-
Size
313B
-
MD5
b0bf0a477bcca312021177572311e666
-
SHA1
ea77332d7779938ae8e92ad35d6dea4f4be37a92
-
SHA256
af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
-
SHA512
09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
Score3/10 -
-
-
Target
VantaFN.exe
-
Size
3.8MB
-
MD5
84699018b1132b73d8063290faa07789
-
SHA1
7d1eec5ae60f0a0383f723f1e001dfc6c2c76aac
-
SHA256
d35c91227f48c494930749f5486054244686328ad8e02960a6b0b10226bc174c
-
SHA512
d7d29eaeacb5d4289aa0a3bbdf071f2e875bf307e326829432cfbbcff1b19e3eaccfc81ec5ebcbf2beab7dee8aff05ad8c086ac0e61a0837339f4febabef5ade
-
SSDEEP
1536:ftTXAtyLaVfblJpAGUbVh9CU5uodpqKmY7:fWyaVPaGUbVjzGz
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
dControl.exe
-
Size
447KB
-
MD5
58008524a6473bdf86c1040a9a9e39c3
-
SHA1
cb704d2e8df80fd3500a5b817966dc262d80ddb8
-
SHA256
1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
-
SHA512
8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
-
SSDEEP
6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
out.upx
-
Size
653KB
-
MD5
6970ea0b6597dcd5b4f5f19f28e958a8
-
SHA1
a0130bb7ac03ec4799c90781ca93fd1392c6d54c
-
SHA256
481e03978ca339ce697252895efe89b09fefd3098ad247d24eeb6cca9969f553
-
SHA512
bc95cbe9a050e3d3b713745ef399bf2817d38f8e019f6edffdd2bf755badbde766e434e39a7f32356125bba0692b694c18da8dd0762aac0c9430d45acb215e01
-
SSDEEP
12288:nkxDoouVA2nxKkhEvdRgQriDJOIlW+yBGQowlNCWS:RRmJkioQrilOIc+yMx
Score3/10 -