General
-
Target
4874508b4662cdbe145b4c70f86c70c7ce3237730098e41a67f2a961bd048953
-
Size
885KB
-
Sample
240806-qnhftathnb
-
MD5
3293e76bde33e374df998dc83874f03b
-
SHA1
44a13df0874936715bbb6ec9bb698bedc268c7e9
-
SHA256
4874508b4662cdbe145b4c70f86c70c7ce3237730098e41a67f2a961bd048953
-
SHA512
f37a23cadbb30996a3f2a56babd9b513c53134546f5976941e33b3b635a290e3fd5313657db249309dba97993ade6712f6a7c4a6f0f93df10f14b80e7f3662f2
-
SSDEEP
24576:HgEiAtVt8pxvgl12Em7BxpsCAz4KGQmE/G/cIK:bbuppgPMxqCIGPcIK
Malware Config
Extracted
asyncrat
0.5.8
blue.o7lab.me:7777
server.underground-cheat.xyz:7777
dtDtRWyW1m1g
-
delay
3
-
install
false
-
install_file
$77WinUpdate.exe
-
install_folder
%AppData%
Targets
-
-
Target
4874508b4662cdbe145b4c70f86c70c7ce3237730098e41a67f2a961bd048953
-
Size
885KB
-
MD5
3293e76bde33e374df998dc83874f03b
-
SHA1
44a13df0874936715bbb6ec9bb698bedc268c7e9
-
SHA256
4874508b4662cdbe145b4c70f86c70c7ce3237730098e41a67f2a961bd048953
-
SHA512
f37a23cadbb30996a3f2a56babd9b513c53134546f5976941e33b3b635a290e3fd5313657db249309dba97993ade6712f6a7c4a6f0f93df10f14b80e7f3662f2
-
SSDEEP
24576:HgEiAtVt8pxvgl12Em7BxpsCAz4KGQmE/G/cIK:bbuppgPMxqCIGPcIK
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-
Suspicious use of SetThreadContext
-