General
Target: DB6BF30FD61D330A5466459124FD4F21.exe
Size: 897KB
Sample: 240629-tqsakstgkk
MD5: db6bf30fd61d330a5466459124fd4f21
SHA1: 5beef951cc1052daeca87d5ef69999b3d0cc1381
SHA256: 20e3320ed125693938485c94c8ebf1a981ed2d717bba86f137a4b327757946fe
SHA512: f794a8ed161e23951299890660fd98f42cd0159aca9d6f653263170b0c63ab8b6a4ba2101f13862541440b01517da2c6348a26f1a1cec470878abe4b796474dd
SSDEEP: 24576:KMPzX5QdJTGSQfTWJcWF2dZ7T8IY3Sd+L0S6D9:KMLqXTGSjcQmZ7QIcSEmD
Static task: static1
Behavioral task: behavioral1
Sample: DB6BF30FD61D330A5466459124FD4F21.exe
Resource: win7-20240508-en
Malware Config
Extracted family: asyncrat
Version: 0.5.6D
Botnet: Default
C2: seznam.zapto.org:6606, seznam.zapto.org:7707, seznam.zapto.org:8808
Mutex: zaqhepdivuiitce
delay: 5
install: true
install_file: sezznam.exe
install_folder: %AppData%
Targets
Target: DB6BF30FD61D330A5466459124FD4F21.exe
Size: 897KB
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL