General
- Target: fcd200ea6c0d5ee2e6e011fb07a89d5bcf76c5b91f7bb45c936f492c70fe8dae
- Size: 4.0MB
- Sample: 240416-l1cc4sfb83
- MD5: 968bfb3b6f1f84b02918da9bc2c9ae34
- SHA1: 1a8e6d42791150b7340fa5194fbe525f031aa087
- SHA256: fcd200ea6c0d5ee2e6e011fb07a89d5bcf76c5b91f7bb45c936f492c70fe8dae
- SHA512: adfa1b6ef34849bae1c79281c831126ecc8d04941effb9a11843177b1a91476f090c25c409ba3ae73b75864f5a4e457e4cd64d42041ed8abe93a5dfdc0aa319b
- SSDEEP: 24576:sIqpMMFDRlWa/OdXSWSvlgF381gWz5E4XLlm0hk/+tLUuODrPjtInrDHw1+h+YGY:+CgKYQS
Static task: static1

Behavioral task: behavioral1
- Sample: fcd200ea6c0d5ee2e6e011fb07a89d5bcf76c5b91f7bb45c936f492c70fe8dae.ps1
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: fcd200ea6c0d5ee2e6e011fb07a89d5bcf76c5b91f7bb45c936f492c70fe8dae.ps1
- Resource: win10v2004-20240412-en
Malware Config
Extracted: asyncrat
- Default: 91.92.252.234:3232
- delay: 1
- install: false
- install_folder: %AppData%
Targets
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.