General
- Target: B099F31FF999B0AAC37E9DE2E3160CE6.exe
- Size: 45KB
- Sample: 240531-t1cymseg43
- MD5: b099f31ff999b0aac37e9de2e3160ce6
- SHA1: 03e35f01dbb3286c943e69771cd630757cd16bdf
- SHA256: 0fa269be03146fff09c0ed89d794dc3c141f9e60a5c1e83c432a022294e2a19d
- SHA512: 833b9200854811d35a243938dd9f47bb53be3559716438afd91fb8eabf282c6a23d49b4a4e3391e9bccd339048a65d75ec18ba4e8b922caf46d70d83b8a98079
- SSDEEP: 768:YuKQ9TH4EjZWUR/ejmo2qri0z/ynFCWHqjbzgX3iXJuT/VAACH93ncDZT7+:YuKQ9THfe24jGNHmbsXSX8ClHudT7+
Behavioral task: behavioral1
- Sample: B099F31FF999B0AAC37E9DE2E3160CE6.exe
- Resource: win7-20240508-en
Malware Config
Extracted: asyncrat
- 0.5.8
- Default
- 127.0.0.1:6606
- 127.0.0.1:7707
- 127.0.0.1:8808
- 127.0.0.1:1081
- drasticqq.zapto.org:6606
- drasticqq.zapto.org:7707
- drasticqq.zapto.org:8808
- drasticqq.zapto.org:1081
- h46cQN57zihD
- delay: 3
- install: true
- install_file: notepad.exe
- install_folder: %AppData%
Targets
- Async RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL