General
- Target: TONDDOS.exe
- Size: 75KB
- Sample: 240802-w2hxdszcpe
- MD5: 06eaec3a5cb7252e97abd37ddf54197f
- SHA1: 74e6a469391440d9ac7d1adc9441da069d9cfc44
- SHA256: f323b5b0eae72fea64467cc0cc66af93aedac7a524246b7014ef63b50e325ff7
- SHA512: 514522a7284dcec3a7f8c57370c05086ad0852f63937b39ef0800d8180a978539afb4047e8c064ec4455030ddbe2b8fc1d95b053e2b729e8569425900783a66f
- SSDEEP: 1536:Tu2z1T1y52I40FvL5AbnfxOv0qid0d825Zw9:Tu2xT1y52I40FvebnUvhid0tHw9

Behavioral task
- behavioral1
  - Sample: TONDDOS.exe
  - Resource: win7-20240704-en

Malware Config
Extracted
- asyncrat
- 0.5.7B
- Default
- AsyncMutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: launcher1.exe
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/xaLN0L9h

Targets
- Target: TONDDOS.exe
  - Size: 75KB
  - MD5: 06eaec3a5cb7252e97abd37ddf54197f
  - SHA1: 74e6a469391440d9ac7d1adc9441da069d9cfc44
  - SHA256: f323b5b0eae72fea64467cc0cc66af93aedac7a524246b7014ef63b50e325ff7
  - SHA512: 514522a7284dcec3a7f8c57370c05086ad0852f63937b39ef0800d8180a978539afb4047e8c064ec4455030ddbe2b8fc1d95b053e2b729e8569425900783a66f
  - SSDEEP: 1536:Tu2z1T1y52I40FvL5AbnfxOv0qid0d825Zw9:Tu2xT1y52I40FvebnUvhid0tHw9
  - Async RAT payload
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Legitimate hosting services abused for malware hosting/C2