General
-
Target
North.exe
-
Size
1.0MB
-
Sample
240630-vqqbna1dle
-
MD5
3a3c4b29b5b5f763a2bb1f886f2d673a
-
SHA1
8c7654be0c885bb839586fb878188eab83ac4e98
-
SHA256
1bbb3bbcb68a435284cf1508b246e1766a1cb42cd89f60ea546824421b01e712
-
SHA512
64e3892c9ddbe762b50e1209b94405788d5a6ec805a495a2ad90f80fc0d7ddf782fe8940f6c1387911de14942d1fa662257db4e7831117ba60d68672c16b6b3c
-
SSDEEP
24576:Nk70TrcPzxFUTvUDMFShuyOb7h3skqSZ9ey9ma/3uuJGcPfpsSC:NkQTAPzoT8GSE7B3emcqXJ3PRs7
Static task
static1
Behavioral task
behavioral1
Sample
North.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
North.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
asyncrat
1.0.7
newsvchost
amazonshipping.duckdns.org:3311
87gygyfg7o8g7fgayasuufsadgusdfgh
-
delay
1
-
install
true
-
install_file
svchost.exe
-
install_folder
%AppData%
Targets
-
-
Target
North.exe
Score
10/10
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-