General
-
Target
f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11.exe
-
Size
1.1MB
-
Sample
240619-cafhea1hqa
-
MD5
935fa2bdf4a8b2b9d71c1e87dfda27ef
-
SHA1
468fea59efdd1e52aebd17edd6185d472a311f7e
-
SHA256
f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11
-
SHA512
74434c0a88589083d9087158ec3fb75921e4715bb61654ef4688fe936d3677a3224451be9140087596c01d1ccc6054064791ad2307a84e7b9bf221b36e0def36
-
SSDEEP
24576:xcvYPuAT6+Feyf8h8zwGhKL8bzh2God0Tae3sHPFMses6n:xZP1VFeyftzdhKLsQdle3svFM
Static task
static1
Behavioral task
behavioral1
Sample
f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11.exe
Resource
win7-20240221-en
Malware Config
Extracted
asyncrat
Default
127.0.0.1:7771
127.0.0.1:39377
doffuovouvvufoz97964d-39377.portmap.host:7771
doffuovouvvufoz97964d-39377.portmap.host:39377
-
delay
1
-
install
true
-
install_file
lulz.exe
-
install_folder
%AppData%
Targets
-
-
Target
f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11.exe
-
Size
1.1MB
-
MD5
935fa2bdf4a8b2b9d71c1e87dfda27ef
-
SHA1
468fea59efdd1e52aebd17edd6185d472a311f7e
-
SHA256
f7d1b2ecb7f47ed1311ed562bd1565f2e849d26e0c076e6ec6125d535bf17c11
-
SHA512
74434c0a88589083d9087158ec3fb75921e4715bb61654ef4688fe936d3677a3224451be9140087596c01d1ccc6054064791ad2307a84e7b9bf221b36e0def36
-
SSDEEP
24576:xcvYPuAT6+Feyf8h8zwGhKL8bzh2God0Tae3sHPFMses6n:xZP1VFeyftzdhKLsQdle3svFM
-
Async RAT payload
-
Detects executables attemping to enumerate video devices using WMI
-
Detects executables containing the string DcRatBy
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-