General
-
Target
0969e21e59f59df0800c57a7afdd7a50N.exe
-
Size
266KB
-
Sample
240725-zz88caxhkb
-
MD5
0969e21e59f59df0800c57a7afdd7a50
-
SHA1
d1cb11da5e5daaa764af3605dc93c7af27658c12
-
SHA256
f47794765c365e7724d229da871f381eb461bd084deba063a18c8ca58b994450
-
SHA512
c55aab17b4e8732fbb89027f0559c305d3ca574fea89c770b99fe6336bcc648ae2a38225adf649f0cd36811a86686bb1578241568dde7f30f4cb0d45e8905c5d
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sT:WFzDqa86hV6uRRqX1evPlwAET
Malware Config
Targets
-
-
Target
0969e21e59f59df0800c57a7afdd7a50N.exe
-
Size
266KB
-
MD5
0969e21e59f59df0800c57a7afdd7a50
-
SHA1
d1cb11da5e5daaa764af3605dc93c7af27658c12
-
SHA256
f47794765c365e7724d229da871f381eb461bd084deba063a18c8ca58b994450
-
SHA512
c55aab17b4e8732fbb89027f0559c305d3ca574fea89c770b99fe6336bcc648ae2a38225adf649f0cd36811a86686bb1578241568dde7f30f4cb0d45e8905c5d
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sT:WFzDqa86hV6uRRqX1evPlwAET
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-