General
-
Target
Spofer.exe
-
Size
47KB
-
Sample
240629-3d17dsyhja
-
MD5
eaf40238b22c8d60c1ccc1f3d307a118
-
SHA1
8198f96a2cd391948d1857a65d5abe8916add847
-
SHA256
48a9596bd4aefc428dff563a9942639d8bfe74372a50218b79c387d36e41a3df
-
SHA512
d07116b990c3e99acb570ab088b8d15ef613587f9c8acda332f2cd590c19082cc306f8936b08c8460171de31fcb58d57648c161824f6151f3ecf4f3a6275b81a
-
SSDEEP
768:xuu91TwQsOnFWUFN1/mo2qDnNyiwoujmXnPIC2e0bYRM4hg7RqjtKBDZMx:xuu91TwSb2WIiumXAC2RbYRZOPdMx
Behavioral task
behavioral1
Sample
Spofer.exe
Resource
win7-20240508-en
Malware Config
Extracted
asyncrat
0.5.8
Default
Ratrat2-53904.portmap.host:53904
AEUSlyyU5H0R
-
delay
3
-
install
true
-
install_file
token.exe
-
install_folder
%AppData%
Targets
-
-
Target
Spofer.exe
-
Size
47KB
-
MD5
eaf40238b22c8d60c1ccc1f3d307a118
-
SHA1
8198f96a2cd391948d1857a65d5abe8916add847
-
SHA256
48a9596bd4aefc428dff563a9942639d8bfe74372a50218b79c387d36e41a3df
-
SHA512
d07116b990c3e99acb570ab088b8d15ef613587f9c8acda332f2cd590c19082cc306f8936b08c8460171de31fcb58d57648c161824f6151f3ecf4f3a6275b81a
-
SSDEEP
768:xuu91TwQsOnFWUFN1/mo2qDnNyiwoujmXnPIC2e0bYRM4hg7RqjtKBDZMx:xuu91TwSb2WIiumXAC2RbYRZOPdMx
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-