General
Target: Infected.exe
Size: 63KB
Sample: 240630-sea2gszcjh
MD5: ec264d38c731406574c516403c8216f9
SHA1: 46ee5910bb1ddce81d60423f368414e1fd0a4d69
SHA256: 1e64cff6d6002cf26905231e74eb9cb6150385e7f05c8eb1cfc2fc59062be89b
SHA512: ca7174f217e4737db208254f4c8fb0c6ddf112ecfb39b7c84d8732f6201d5bed28f72ffc17b5014d7e76d4b989ca13ca738a2e1d9f45386d2043e4c3a77d7797
SSDEEP: 768:C2N0YjNUzTHC78dQC8A+XzGazcBRL5JTk1+T4KSBGHmDbD/ph0oX0JdT3vWSu8dP:UYmHssdSJYUbdh96dpu8dpqKmY7
Behavioral task: behavioral1
Sample: Infected.exe
Resource: win7-20240508-en
Malware Config
Extracted
asyncrat
Default
Ratrat2-50148.portmap.host:50148
delay: 2
install: true
install_file: Alg.exe
install_folder: %AppData%
Targets
Target: Infected.exe
Async RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE