General
- Target: 2b953a27fe875c8394d05347a5d11d14.exe
- Size: 109KB
- Sample: 240517-saj4lacg6x
- MD5: 2b953a27fe875c8394d05347a5d11d14
- SHA1: c4976290e6ec103671e7709abbed1a92c7c9b0a2
- SHA256: 502d5f5c411a1eeec35a874336b32d35502abb31afd202ad66bd9b2bc341307f
- SHA512: 5e62c4f031a05d4b3d8bc21b65d9d784de8eb759e13fe4ca9069c1c3520a8b0dcca964e1e39a6c38267d488f46a9986beb2161468dc5bc4ad1ff7313485ddf6e
- SSDEEP: 3072:Foiy0nuMAXQF6PIZEDlY+9TXxzQ+HsKWbmFq5:Foinzot84umF
Static task: static1
Behavioral task: behavioral1
- Sample: 2b953a27fe875c8394d05347a5d11d14.exe
- Resource: win7-20231129-en
Malware Config
Extracted
- asyncrat
- 0.5.8
- Default
- 0pe3F2LrSSkk
- delay: 3
- install: true
- install_file: Fluxus Folder.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/qdzaTTaM
Targets
- Target: 2b953a27fe875c8394d05347a5d11d14.exe (size and hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext