General
Target: RobloxPlayerInstalleras.exe
Size: 52KB
Sample: 240623-l2tnsayamc
MD5: 64688bfca22546b586bdbdedc06a62e1
SHA1: ee850d2ff408f4b2ca1bf776849dcd21ed4111c4
SHA256: f6383760a9c9acd6848fb30fea83365e180dddcb7eb305b621e515ff1f7b5049
SHA512: f1b936150f04aaac3fa7b73e53d5bd77eb8ae65e2381c877ced384fbfbea71f4ac4002aa8da696e8b0c20d65ec4d2c34dd7ddd8b93ef0ede789380436776ffdc
SSDEEP: 1536:juZwdTxtB2isugpbXX2o75TjUGyds70T:juZMTxtB2isugpbXNFjUGymQT
Malware Config
Extracted
Family: asyncrat
Version: 0.5.8
Botnet (AsyncRAT "Group" setting): Default
C2:
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:80
127.0.0.1:26181
lolimaginerattin24-26181.portmap.host:26181:6606
lolimaginerattin24-26181.portmap.host:26181:7707
lolimaginerattin24-26181.portmap.host:26181:8808
lolimaginerattin24-26181.portmap.host:26181:80
lolimaginerattin24-26181.portmap.host:26181:26181
Mutex: FASDdxNMEwio
delay: 3
install: true
install_file: RobloxPlayerBeta.exe
install_folder: %AppData%

Reading the C2 list: AsyncRAT stores Hosts and Ports as two separate lists and the client tries every host/port combination, so the extractor prints the full cross product (2 hosts x 5 ports = 10 entries). The 127.0.0.1 entries never leave the machine, and 6606/7707/8808 are the AsyncRAT builder's default ports. The operator typed the second host as "lolimaginerattin24-26181.portmap.host:26181", port included, which is why those entries carry two ports; the only externally reachable endpoint is that portmap.host tunnel on TCP/26181, and that hostname plus port 26181 are the network indicators worth hunting for. With install set to true and a delay of 3 seconds, the client copies itself to %AppData%\RobloxPlayerBeta.exe, a name chosen to blend in with the legitimate Roblox client.
Targets
Target: RobloxPlayerInstalleras.exe
Size: 52KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above; the submission contains this single file.
Signatures
Async RAT payload
AsyncRAT client detected; its configuration is the one extracted above.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Consistent with install: true in the config, the dropped copy at %AppData%\RobloxPlayerBeta.exe is launched.
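The following is an added example, not Triage's tooling or any code from the sample, that turns the extracted configuration above into something a defender can act on: it collapses the host x port cross product into a deduplicated hunting set, drops the loopback entries, resolves the %AppData% install path for a given profile, compares a file's digests with the hashes listed in the report, and flags Sysmon-style log lines that mention an indicator. The log lines, the victim profile path "C:\Users\victim" and every function name are assumptions made for the example; the config values and hashes are copied from the report.

```python
"""Normalise the AsyncRAT config above into hunting indicators.

Added example for this page; not Triage's code or AsyncRAT's.
Config values and hashes are copied from the report; the Sysmon-style
log lines and the victim profile path are constructed.
"""
import hashlib
from ipaddress import ip_address

# C2 entries exactly as the extractor printed them (host x port product).
RAW_C2 = [
    "127.0.0.1:6606", "127.0.0.1:7707", "127.0.0.1:8808",
    "127.0.0.1:80", "127.0.0.1:26181",
    "lolimaginerattin24-26181.portmap.host:26181:6606",
    "lolimaginerattin24-26181.portmap.host:26181:7707",
    "lolimaginerattin24-26181.portmap.host:26181:8808",
    "lolimaginerattin24-26181.portmap.host:26181:80",
    "lolimaginerattin24-26181.portmap.host:26181:26181",
]
MUTEX = "FASDdxNMEwio"
INSTALL_FOLDER = "%AppData%"
INSTALL_FILE = "RobloxPlayerBeta.exe"
HASHES = {
    "md5": "64688bfca22546b586bdbdedc06a62e1",
    "sha1": "ee850d2ff408f4b2ca1bf776849dcd21ed4111c4",
    "sha256": "f6383760a9c9acd6848fb30fea83365e180dddcb7eb305b621e515ff1f7b5049",
    "sha512": "f1b936150f04aaac3fa7b73e53d5bd77eb8ae65e2381c877ced384fbfbea71f4ac4002aa8da696e8b0c20d65ec4d2c34dd7ddd8b93ef0ede789380436776ffdc",
}


def split_c2(entry: str) -> tuple[str, int]:
    """Split 'host:port' on the last colon. The host part may itself keep
    a colon when the operator typed a port into the Hosts field."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8 or ::1 literals; hostnames are never loopback."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def hunting_indicators(entries: list[str]) -> tuple[list[str], list[int]]:
    """Collapse the cross product into (hosts, ports) worth hunting for.

    Loopback hosts are dropped because they never produce network traffic;
    a host string that embeds its own ':port' contributes that port too.
    """
    hosts: set[str] = set()
    ports: set[int] = set()
    for entry in entries:
        host, port = split_c2(entry)
        ports.add(port)
        if ":" in host:                      # e.g. "name.portmap.host:26181"
            host, embedded = split_c2(host)
            ports.add(embedded)
        if not is_loopback(host):
            hosts.add(host)
    return sorted(hosts), sorted(ports)


def install_path(appdata: str) -> str:
    """Resolve the install location for a profile; `appdata` is the
    victim's %APPDATA% value (assumed input, e.g. C:\\Users\\victim\\AppData\\Roaming)."""
    folder = appdata if INSTALL_FOLDER.lower() == "%appdata%" else INSTALL_FOLDER
    return folder.rstrip("\\") + "\\" + INSTALL_FILE


def sample_hash_matches(data: bytes) -> dict[str, bool]:
    """Compare a file's digests with the report's hashes, per algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in HASHES.items()}


def flag_log_lines(lines: list[str]) -> list[int]:
    """Indices of lines mentioning the install file, the mutex, or a
    non-loopback C2 host (case-insensitive substring match)."""
    hosts, _ = hunting_indicators(RAW_C2)
    needles = [INSTALL_FILE.lower(), MUTEX.lower()] + [h.lower() for h in hosts]
    return [i for i, line in enumerate(lines)
            if any(n in line.lower() for n in needles)]


# Constructed Sysmon-style events, not from the sandbox run.
SAMPLE_LOG = [
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\RobloxPlayerInstalleras.exe",
    "EventID=1 Image=C:\\Users\\victim\\AppData\\Roaming\\RobloxPlayerBeta.exe "
    "ParentImage=C:\\Users\\victim\\Downloads\\RobloxPlayerInstalleras.exe",
    "EventID=22 QueryName=lolimaginerattin24-26181.portmap.host "
    "Image=C:\\Users\\victim\\AppData\\Roaming\\RobloxPlayerBeta.exe",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe",
]

if __name__ == "__main__":
    print(hunting_indicators(RAW_C2))
    print(install_path("C:\\Users\\victim\\AppData\\Roaming"))
    print(flag_log_lines(SAMPLE_LOG))
```

The substring matcher is deliberately loose: the installer's own name (RobloxPlayerInstalleras.exe) does not match the install file name, so only the dropped copy and the DNS lookup are flagged, while the mutex needle is there for Sysmon or EDR telemetry that records mutex creation. Feed `sample_hash_matches` the bytes of a quarantined file to confirm it is byte-identical to the analysed sample; a mismatch on every algorithm means a different build, not a clean file.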