General
Target: 44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706
Size: 47KB
Sample: 240628-2vpdgsxdrj
MD5: 4a56c6e517888a3524999e18e6d7740b
SHA1: 3781d9472264ca9af471cdc80ffc87c34134c112
SHA256: 44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706
SHA512: 0b7c6c0f82b19b20632d8a8d8c93a772f175acc0bf1c9ff1a57f5e731f739806b98663f824a7ec07843cad2fe69376bba57967587a86e5dfe4dc890df334ba4e
SSDEEP: 768:Euzkx3FTkYwt9y4gWUOlKnjamo2q8ayby6FXbWPI8rQ9Hyfw+0bF3HFZBzUccTUW:EuS3FTHHe2Gy+6Z78rQ9HGWbF3T9U5+Q
Behavioral task
behavioral1
Sample: 44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.8
Botnet: Default
Mutex: 0UfuvIZfaBv8
delay: 3
install: true
install_file: api.exe
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/aDAYnLv4
Targets
Target: 44ae9b54c322a598bf0b04a591d69216718a606f4aa01ab72307eed94aec1706
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
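The extracted config (install to %AppData%\api.exe, a 3-second reconnect delay, C2 fetched from a Pastebin raw URL) and the behavioural signatures (dropped EXE executed, legitimate hosting abused for C2) are all the hunt material this report gives. The script below, an added example that is not part of the sandbox report and not AsyncRAT's own code, turns that config into concrete indicators and runs them over a handful of constructed Sysmon-style events. Three things in it are assumptions rather than report facts: the %AppData% root used to expand the install path, the "hosts:ports" layout of the paste (each side a comma-separated list, host and port chosen independently, as the AsyncRAT client is commonly described to do), and the paste body and event records themselves, which are made up for the demonstration.

```python
"""Turn the AsyncRAT config extracted above into hunting artifacts.

Added example; not the sandbox's or AsyncRAT's code. Assumptions, also
flagged inline: the %AppData% root, the "hosts:ports" paste layout, and
the constructed paste body and events used as input.
"""
import ntpath
from itertools import product

# Values copied from the "Malware Config" section of the report. The labels
# version/botnet/mutex follow the sandbox's usual AsyncRAT layout; the
# remaining keys appear verbatim in the report.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.8",
    "botnet": "Default",
    "mutex": "0UfuvIZfaBv8",
    "delay": 3,
    "install": True,
    "install_file": "api.exe",
    "install_folder": "%AppData%",
    "pastebin_config": "https://pastebin.com/raw/aDAYnLv4",
}


def install_path(cfg, appdata=r"C:\Users\victim\AppData\Roaming"):
    """Expand install_folder\\install_file into the on-disk persistence path.

    Only %AppData% is handled because that is the only value in this config;
    the Roaming profile root passed as appdata is an assumption about the host.
    """
    folder = cfg["install_folder"]
    if folder.lower() == "%appdata%":
        folder = appdata
    return ntpath.join(folder, cfg["install_file"])


def parse_pastebin_c2(paste_text):
    """Parse the raw paste the client downloads from pastebin_config.

    Assumed layout: "host1,host2:port1,port2". Since the client is understood
    to pick a host and a port independently, every (host, port) combination is
    a possible endpoint, so the full cross product is returned, sorted.
    """
    body = paste_text.strip()
    if body.count(":") != 1:
        raise ValueError("unexpected paste layout: %r" % body)
    hosts_part, ports_part = body.split(":")
    hosts = [h.strip() for h in hosts_part.split(",") if h.strip()]
    ports = [int(p) for p in ports_part.split(",") if p.strip()]
    if not hosts or not ports or any(not 0 < p < 65536 for p in ports):
        raise ValueError("empty or out-of-range host/port list in paste")
    return sorted(product(hosts, ports))


def build_indicators(cfg, paste_text, appdata=r"C:\Users\victim\AppData\Roaming"):
    """Flatten the config plus the paste-delivered C2 into one hunt dictionary."""
    return {
        "install_path": install_path(cfg, appdata),
        "mutex": cfg["mutex"],
        "config_url": cfg["pastebin_config"],
        "c2": set(parse_pastebin_c2(paste_text)),
        "reconnect_delay_s": cfg["delay"],
    }


def hunt(events, ind):
    """Return (indicator, event_id) pairs for events that match an indicator.

    Events are dicts in a Sysmon-like shape. The install path is compared as a
    full path, so an unrelated api.exe elsewhere on disk does not fire.
    """
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "process_create" and ev["image"].lower() == ind["install_path"].lower():
            hits.append(("install_path", ev["id"]))
        elif kind == "network_connect" and (ev["dest"], ev["port"]) in ind["c2"]:
            hits.append(("c2", ev["id"]))
        elif kind == "http_request" and ev["url"] == ind["config_url"]:
            hits.append(("config_url", ev["id"]))
    return hits


# Constructed sample input: a paste body and five events (none from the report).
CONSTRUCTED_PASTE = "10.0.0.5,c2.example.net:6606,7707\n"
CONSTRUCTED_EVENTS = [
    {"id": 1, "type": "http_request", "url": "https://pastebin.com/raw/aDAYnLv4"},
    {"id": 2, "type": "process_create", "image": r"C:\Users\victim\AppData\Roaming\api.exe"},
    {"id": 3, "type": "process_create", "image": r"C:\Program Files\Vendor\api.exe"},  # same name, wrong path
    {"id": 4, "type": "network_connect", "dest": "c2.example.net", "port": 7707},
    {"id": 5, "type": "network_connect", "dest": "10.0.0.5", "port": 443},  # port not in the paste
]


def run_example():
    """Hunt the constructed events with indicators derived from the report config."""
    return hunt(CONSTRUCTED_EVENTS, build_indicators(EXTRACTED_CONFIG, CONSTRUCTED_PASTE))


if __name__ == "__main__":
    for name, event_id in run_example():
        print("%-13s matched event %d" % (name, event_id))
```

Two design points worth keeping when adapting this: match the install path as a full path rather than on the file name, because api.exe is a plausible name for benign software, and treat the Pastebin URL as a high-signal indicator on its own, since the report already classifies the hosting-service abuse as C2 infrastructure and the paste can change the real host:port at any time without the binary changing. The mutex is carried in the indicator set but not matched here, as that needs handle enumeration on the endpoint rather than event logs.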