General
-
Target
9d6a0c6c2e07cb1544f3fc1a7d7353cb42c122cb529d0e910ab65975196402cc
-
Size
418KB
-
Sample
240417-qeecssac5t
-
MD5
b612e859cbda85d444d91055e4c30cab
-
SHA1
a781f1de97831e68cee27fccafc08cbd2344648c
-
SHA256
9d6a0c6c2e07cb1544f3fc1a7d7353cb42c122cb529d0e910ab65975196402cc
-
SHA512
bc70fa871133ced316a3e0820e6fbf4f14b80f03e6a0a4c25f33a85ce8fd47dc8a82305db2032226a523ca3ba6e64327f14e6aed429fe5918fa26d1889255ff0
-
SSDEEP
12288:GJAVkNAXR7G5/dmV8xFiE8CjGcJY6EtGgwaNn2J:GJHmJb6kv6EtGK2J
Static task
static1
Behavioral task
behavioral1
Sample
fafaaff6d67dd5702bf67e82ea12605ddc03797213ee5aaaed48fe6194cfe87e.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
194.147.140.157:3361
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
msdtc.exe
-
install_folder
%AppData%
Targets
-
-
Target
fafaaff6d67dd5702bf67e82ea12605ddc03797213ee5aaaed48fe6194cfe87e.exe
-
Size
450KB
-
MD5
ead981cd98146fabe078992943b0329d
-
SHA1
a20ba9450187e13e3ed62e6beab4d2bec788df01
-
SHA256
fafaaff6d67dd5702bf67e82ea12605ddc03797213ee5aaaed48fe6194cfe87e
-
SHA512
a20fc11777c75d1062c16407b0f77098e93cdfa28afae053fd8671b56afc234c4bce9243dcd516adb95183a8d4aa58dafb850bd54c996c7507b2bf51c0fcb03a
-
SSDEEP
12288:FZcdIu1fgsDbqonwXKI9SrWLcsz8tEaay4MF3kR:FHumsct9SaLcPtaEFi
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-