General
Target: eada79e8f03bca1e073eed610a59fe6ff5622f00a7d591aa83dd7cf85eb1981a.exe
Size: 45KB
Sample: 240416-by5lrsea99
MD5: 0444c41da90ac8db7fc08947c23f6015
SHA1: f690d8909222eb75949c714f42f1d79891cf85a8
SHA256: eada79e8f03bca1e073eed610a59fe6ff5622f00a7d591aa83dd7cf85eb1981a
SHA512: 489b5ef586f3f50ac22493f27394dab97884ff438aaff598db6e560939681ffde508b7809e3ee60c698e522f1bd169959f17800d1552fcfe28611cb987e85b71
SSDEEP: 768:uuixFTpY6owWU+7yKmo2q8IKjPGaG6PIyzjbFgX3i8RPGnrrnfOa+BDZax:uuixFTppw2cKTkDy3bCXS8RA/n2aQdax
Behavioral task: behavioral1
Sample: eada79e8f03bca1e073eed610a59fe6ff5622f00a7d591aa83dd7cf85eb1981a.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: asyncrat
Version: SanTos AsyncRAT
Botnet: Default
C2 (host:port pairs; the 127.0.0.1 entries are loopback and generate no traffic off the host):
173.211.46.114:6606
173.211.46.114:7707
173.211.46.114:8808
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
FzYR6UpEu44R (field label not preserved in the report)
delay: 3 (seconds the client waits before starting)
install: true
install_file: microsoftupdate.exe
install_folder: %AppData% (C:\Users\<user>\AppData\Roaming by default)
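As an added example (not part of the sandbox report and not AsyncRAT code), the following Python turns the extracted configuration into host and network checks: it discards the loopback C2 entries, expands the install path for a given user profile, and runs both indicators over a few Sysmon-style events. The config dict copies the values above; the events, the APPDATA value and the event field names are constructed assumptions for the example.

```python
"""Turn the extracted AsyncRAT config into host and network indicators.

Added example; not part of the sandbox report or of AsyncRAT.
Config values are copied from the report above; the telemetry events,
the APPDATA value and the Sysmon-style field names are constructed.
"""
import ipaddress
import ntpath

# Values as extracted by the sandbox (copied from the report).
ASYNCRAT_CONFIG = {
    "c2": [
        "173.211.46.114:6606", "173.211.46.114:7707", "173.211.46.114:8808",
        "127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808",
    ],
    "delay": 3,  # seconds before the client starts
    "install": True,
    "install_file": "microsoftupdate.exe",
    "install_folder": "%AppData%",
}


def c2_endpoints(config):
    """Return the (host, port) pairs worth alerting on.

    Loopback hosts never produce traffic off the victim, so they are
    dropped as noise; anything else (address or hostname) is kept.
    """
    endpoints = set()
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        try:
            if ipaddress.ip_address(host).is_loopback:
                continue
        except ValueError:
            pass  # a hostname rather than a literal address: keep it
        endpoints.add((host, int(port)))
    return endpoints


def install_path(config, appdata):
    """Expand the install location for one user profile.

    `appdata` is that profile's %AppData% value, e.g.
    C:\\Users\\<user>\\AppData\\Roaming (assumed; it differs per account),
    so the same config yields a different path for every user.
    Returns None when the sample is configured not to install.
    """
    if not config["install"]:
        return None
    folder = config["install_folder"].replace("%AppData%", appdata)
    return ntpath.join(folder, config["install_file"])


def match_event(event, config, appdata):
    """Return the indicator names one Sysmon-style event matches.

    Process-creation events carry "Image"; network-connection events
    carry "DestinationIp" and "DestinationPort" (field names assumed).
    """
    hits = []
    expected = install_path(config, appdata)
    image = event.get("Image")
    if expected and image and ntpath.normcase(image) == ntpath.normcase(expected):
        hits.append("asyncrat_install_path")
    if "DestinationIp" in event and "DestinationPort" in event:
        dst = (event["DestinationIp"], int(event["DestinationPort"]))
        if dst in c2_endpoints(config):
            hits.append("asyncrat_c2")
    return hits


def scan(events, config, appdata):
    """Return (event index, matched indicators) for every event that hits."""
    results = []
    for i, event in enumerate(events):
        hits = match_event(event, config, appdata)
        if hits:
            results.append((i, hits))
    return results


# Constructed telemetry: one hit per indicator, one benign process, and
# a loopback connection that must not alert.
SAMPLE_APPDATA = r"C:\Users\victim\AppData\Roaming"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\microsoftupdate.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 3, "DestinationIp": "173.211.46.114", "DestinationPort": "7707"},
    {"EventID": 3, "DestinationIp": "127.0.0.1", "DestinationPort": "6606"},
]

if __name__ == "__main__":
    print(sorted(c2_endpoints(ASYNCRAT_CONFIG)))
    print(install_path(ASYNCRAT_CONFIG, SAMPLE_APPDATA))
    print(scan(SAMPLE_EVENTS, ASYNCRAT_CONFIG, SAMPLE_APPDATA))
```

The path check compares the full expanded path for one profile; when hunting across a fleet, run it once per APPDATA value seen, or relax it to the file name under any `\AppData\Roaming\` folder, since a redirected profile changes the prefix but not the drop name.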
Targets
Target: eada79e8f03bca1e073eed610a59fe6ff5622f00a7d591aa83dd7cf85eb1981a.exe (45KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
Async RAT payload
Detects file containing reversed ASEP Autorun registry keys
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
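To illustrate the "reversed ASEP Autorun registry keys" signature, here is an added Python scanner (not the sandbox's own rule) that looks for the reversed form of common autorun keys in a file. Storing the key backwards and reversing it at run time defeats a plain search for `Software\Microsoft\Windows\CurrentVersion\Run`, so the scan searches for the reversed text instead, both as ASCII and as UTF-16LE (how a .NET string literal sits in a managed binary). The key list and the sample buffers are constructed for the example.

```python
"""Look for reversed autorun (ASEP) registry key strings in a file.

Added example for the "reversed ASEP Autorun registry keys" signature;
it is not the sandbox's rule. The key list and the sample buffers below
are constructed for the example.
"""
import re
import sys

# Hive-relative autorun keys to look for (constructed list; extend as needed).
ASEP_KEYS = [
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
]


def reversed_asep_patterns():
    """Compile one case-insensitive regex per key matching its reversed form.

    Each pattern matches the reversed key either as plain ASCII or as
    UTF-16LE, the encoding of string literals in a .NET assembly.
    """
    patterns = []
    for key in ASEP_KEYS:
        rev = key[::-1]
        ascii_form = re.escape(rev.encode("ascii"))
        utf16_form = re.escape(rev.encode("utf-16-le"))
        patterns.append((key, re.compile(ascii_form + b"|" + utf16_form, re.IGNORECASE)))
    return patterns


def find_reversed_asep(data):
    """Return the keys whose reversed form occurs in `data` (bytes), in list order."""
    return [key for key, pattern in reversed_asep_patterns() if pattern.search(data)]


def scan_file(path):
    """Scan one file on disk and return the keys found reversed in it."""
    with open(path, "rb") as f:
        return find_reversed_asep(f.read())


# Constructed buffers: a fragment holding the reversed Run key as a
# UTF-16LE literal, and a benign one holding the key the normal way round.
_RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
SUSPICIOUS = b"\x00" * 8 + _RUN[::-1].encode("utf-16-le") + b"\x00" * 8
BENIGN = b"\x00" * 8 + _RUN.encode("ascii") + b"\x00" * 8

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, scan_file(path))
```

A hit means only that the file carries the string backwards; treat it as one signal alongside the other signatures (dropped-EXE execution, the %AppData% install, the C2 connections) rather than a verdict on its own.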