General
- Target: 91eae3aeb592e530edf843431d616dc6e3196b4eecd341d7422f84a466bcb8c2
- Size: 414KB
- Sample: 240417-rvse2aca83
- MD5: c0b40ed5c7e6973ba582fc0aceb469d0
- SHA1: 1e3577af6b974f880d2d5c81b2b0f13179f5f778
- SHA256: 91eae3aeb592e530edf843431d616dc6e3196b4eecd341d7422f84a466bcb8c2
- SHA512: 3a26356ed224f4ffa14ca51b13a483a4d7b40dee0f500f4655039a7c0aa51dbd78c8dd4a6966b4adc300dd5dd3e37aad72c75ff694f0add135a85d2142ffda8e
- SSDEEP: 6144:nO/61IxIUZnZKql4hG90VJOXRywChqEH7KqqR1HVAndterITdPNpszHhRX:nOSiTZngvGdEhNH0R1On7er4vpY
Static task: static1
Behavioral task: behavioral1
- Sample: 0b73e8607350c592c70b7e5845a1d7d4a7b60bd05ea1a86a7c5dd21fc48a43fe.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- asyncrat
- 0.5.8
- Default
- 45.145.55.81:6606
- 45.145.55.81:7707
- 45.145.55.81:8808
- yy4orPaIfKQ9
- delay: 3
- install: true
- install_file: note.exe
- install_folder: %AppData%
Targets
- Target: 0b73e8607350c592c70b7e5845a1d7d4a7b60bd05ea1a86a7c5dd21fc48a43fe.exe
  - Size: 681KB
  - MD5: 34ba2f8eca9f38d2cd3a8fa1bf57ab81
  - SHA1: 24948a5f1f23a471d7bdc1d4f2c0cc9b9914d17b
  - SHA256: 0b73e8607350c592c70b7e5845a1d7d4a7b60bd05ea1a86a7c5dd21fc48a43fe
  - SHA512: 0897ccd7920c421259bcd53511160e68dd0020c5c88a80dded4b9a7b4427b76e7eacca03be7b0be5a2eea9f3bca1374ff104950ddd09dec67e412c4524f957c6
  - SSDEEP: 12288:vBAt6aqLw7nKNPxgQfHU497m35Z8Awc2x:vetmCKNpgQf0CaJZ8
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext