General

Target: Optimix_client.exe
Size: 45KB
Sample: 240524-n4mdlaha94
MD5: bc9efb1b76331a392346d4cce9c3b177
SHA1: ecd6d5584ab75f5735a69864ecf74dddde8683a1
SHA256: d948a6af0e9a1e9981669d300da54d84e526fc55e9654b8de1ba58821e14b96b
SHA512: 4969259be841c308d791c16d0645e8f72db3f8708975bd9682ae630cca4c8f27b778d48387b5f17f1a1d82f3b8392cfbe95f8d5cd860ad25543f0d520e6b3f19
SSDEEP: 768:luAINTHkvSbWUnFKJmo2q7XIrzXIxOPILzjbjXgXAiHFeq1BDZPx:luAINTHgN2Lv83L3bEX9leqbdPx
Behavioral task

behavioral1
Sample: Optimix_client.exe
Resource: win7-20240221-en
Malware Config

Extracted: asyncrat
Version: 0.5.8
Botnet: Default
C2:
  192.168.0.76:6606
  192.168.0.76:7707
  192.168.0.76:8808
  192.168.0.76:4444
Mutex: YNGv5uoT0xzv
delay: 3
install: true
install_file: ProtonyteAntiVirusSetup.exe
install_folder: %Temp%

The family, version, botnet and mutex labels are not present in the extracted output; they are inferred from the order in which the AsyncRAT configuration is reported. All four C2 entries point at one RFC 1918 address, so this build can only reach an operator on the same LAN and is a test or lab build rather than something to block at a perimeter; 6606, 7707 and 8808 are the ports the AsyncRAT builder pre-fills, 4444 was added by the operator and is the more distinctive fingerprint of this build. With install set to true the client sleeps for the configured 3 seconds at start-up, copies itself to %Temp%\ProtonyteAntiVirusSetup.exe (a filename chosen to pass as an antivirus installer) and registers that copy for persistence (a scheduled task when running with administrative rights, otherwise a Run registry key).
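As an added example (not part of the sandbox report), the Python below turns the extracted config into hunting artifacts: it parses the flattened key/value output, derives the expected dropped path, mutex and C2 list, flags the operator-chosen port and the fact that every C2 is a private address, and matches the endpoints against a few constructed netflow lines. The field labels for family, version, botnet and mutex, the netflow record format and the log lines are assumptions; the config values themselves are copied from the report.

```python
"""Turn the AsyncRAT config extracted above into concrete hunting artifacts.

Added example for this page; not part of the sandbox report. The config text
is copied from the report's flattened output; the netflow lines are constructed.
Labels for family, version, botnet and mutex are inferred from the order in
which AsyncRAT's configuration is conventionally reported (an assumption).
"""
import ipaddress
import re

# Extracted config exactly as the report lists it: unlabeled values first,
# then key/value pairs separated by "-" lines.
REPORT_CONFIG = """\
asyncrat
0.5.8
Default
192.168.0.76:6606
192.168.0.76:7707
192.168.0.76:8808
192.168.0.76:4444
YNGv5uoT0xzv
-
delay
3
-
install
true
-
install_file
ProtonyteAntiVirusSetup.exe
-
install_folder
%Temp%
"""

# The AsyncRAT builder pre-fills these listener ports; anything else was typed
# in by the operator and is a stronger fingerprint for this particular build.
ASYNCRAT_DEFAULT_PORTS = {6606, 7707, 8808}

# Constructed netflow sample (hypothetical format): one hit on a default port,
# one on the custom port, one connection to the same host on an unrelated
# port, and one unrelated destination.
NETFLOW = """\
2024-05-24T10:01:02Z src=192.168.0.42:51514 dst=192.168.0.76:6606 proto=tcp bytes=4120
2024-05-24T10:01:05Z src=192.168.0.42:51515 dst=192.168.0.76:443 proto=tcp bytes=880
2024-05-24T10:01:09Z src=192.168.0.42:51516 dst=192.168.0.76:4444 proto=tcp bytes=2048
2024-05-24T10:02:00Z src=192.168.0.42:51517 dst=93.184.216.34:80 proto=tcp bytes=512
"""

C2_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})$")
DST_RE = re.compile(r"\bdst=([A-Za-z0-9.-]+):(\d+)")


def parse_config(text):
    """Parse the flattened config into a dict.

    Assumed layout: family, version, botnet, one or more host:port C2 entries,
    mutex, then labeled key/value pairs. "-" separator lines are dropped.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    cfg = {"family": lines[0], "version": lines[1], "botnet": lines[2]}
    i = 3
    c2 = []
    while i < len(lines) and C2_RE.match(lines[i]):
        host, port = lines[i].rsplit(":", 1)
        c2.append((host, int(port)))
        i += 1
    cfg["c2"] = c2
    cfg["mutex"] = lines[i]  # first value after the C2 list (inferred label)
    i += 1
    rest = lines[i:]
    cfg.update(zip(rest[0::2], rest[1::2]))
    return cfg


def _is_routable(host):
    """True for hostnames and public IPs; False for RFC 1918, loopback, link-local."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # a hostname: assume it resolves to something reachable


def derive_iocs(cfg):
    """Host and network artifacts a hunter would search for."""
    install_path = None
    if cfg.get("install", "").lower() == "true":
        folder = cfg.get("install_folder", "").rstrip("\\")
        install_path = folder + "\\" + cfg.get("install_file", "")
    return {
        "c2_endpoints": [f"{h}:{p}" for h, p in cfg["c2"]],
        "non_default_ports": sorted({p for _, p in cfg["c2"]} - ASYNCRAT_DEFAULT_PORTS),
        # No routable C2 means the client can only reach an operator on the
        # same LAN: a test/lab build, not a perimeter blocking candidate.
        "lab_build": not any(_is_routable(h) for h, _ in cfg["c2"]),
        "mutex": cfg["mutex"],
        "install_path": install_path,
        "startup_delay_s": int(cfg.get("delay", "0")),
    }


def match_c2(cfg, flow_text):
    """Return netflow lines whose destination is a configured C2 endpoint.

    Matching on host AND port avoids flagging unrelated traffic to a host that
    merely shares the C2 address, which is common when the C2 is a LAN box.
    """
    targets = set(cfg["c2"])
    hits = []
    for line in flow_text.splitlines():
        m = DST_RE.search(line)
        if m and (m.group(1), int(m.group(2))) in targets:
            hits.append(line)
    return hits


if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    for key, value in derive_iocs(config).items():
        print(f"{key}: {value}")
    for hit in match_c2(config, NETFLOW):
        print("C2 hit:", hit)
```

Running it reports the install path %Temp%\ProtonyteAntiVirusSetup.exe, the mutex, port 4444 as the only non-default listener, lab_build as True, and two of the four constructed flows as C2 hits; the 443 connection to the same host is correctly left alone.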
Targets

Target: Optimix_client.exe
Size: 45KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.

Signatures triggered (behavioral1):
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL

The dropped-EXE and dropped-DLL signatures are consistent with the install step in the extracted config: the client writes a copy of itself to %Temp% under the name ProtonyteAntiVirusSetup.exe and runs it.