General
- Target: 61d83cd9dcb9599726ac8a7237854537.bin
- Size: 522KB
- Sample: 240623-cf82xavhjd
- MD5: 70c0663948580ee7db444f752c57e1c8
- SHA1: bfc2d5bb7da450dd3d3289174bb191c62c2f7d4a
- SHA256: 24a006bc41d2080dd8c5c582ca2e3994a29147b6e14a02c47ea870720dc9e844
- SHA512: dbf90f885523ae6607ba1b36f6c68056c591cc720b58987cbe2a6aa3b4c4b72cb3fbc9670b13c8a97a027c80543b95252475db0abf95a488add9b820fe654d60
- SSDEEP: 12288:KUmQUSYCnXbDjS+cz6+2Zut0zuWJMIGcihkx5R/pd:DUlCXb/S+cz6+t0jJMIGwRd
- Static task: static1
- Behavioral task: behavioral1
- Sample: d862de550b07302770f3b05b441c57c75dff0425fe41b7981ecff7386049e24b.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: zaragoza.ddns.net:5480
- Mutex: AsyncMutex_6SI8OkPnk
Attributes
- delay: 3
- install: false
- install_file: fwqoouQWEGr.exe
- install_folder: %AppData%
Targets
- Target: d862de550b07302770f3b05b441c57c75dff0425fe41b7981ecff7386049e24b.exe
- Size: 700KB
- MD5: 61d83cd9dcb9599726ac8a7237854537
- SHA1: 962d76027061ed0e1fc13df2235f2d17a441b591
- SHA256: d862de550b07302770f3b05b441c57c75dff0425fe41b7981ecff7386049e24b
- SHA512: 381c34cac16f20293c9c74a802043d2f6b231e2556a0af2e56f86ce94ffa4abb1a10ad51a1bb8a5de69e71aad5c551a95735e153296beb946b7cdac4fe092bd5
- SSDEEP: 12288:ceSB3+wgWlty8g1DI+VZG1SWSRezMRFLrdcdMANPKKvkR:ceSZgWl8X1DIgG1lSPRLWMANpq
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext