General
Target: 568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298
Size: 267KB
Sample: 240808-1ee97szeqn
MD5: 1ae1cf41f4f2337ea021c6fde824f49a
SHA1: 452d014dbba37bc07d60bc9ae1a5d80f0fd5c903
SHA256: 568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298
SHA512: f45ae1d90f816bc94c9e7255d6aa93bdb614f7fffd4c30556bd1fd9cc48a8a09a9e8e6ac58d1f703156b4c774be450e630df5efb6e8c1cc63aa778ba0c597b79
SSDEEP: 3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8sY:WFzDqa86hV6uRRqX1evPlwAEY
Static task: static1
Behavioral task: behavioral1
  Sample: 568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298.exe
  Resource: win10v2004-20240802-en
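Before acting on a report like this one, a responder should confirm that the file in hand is actually the sample it describes. The following is an added example, not part of the original report: it parses the report's alternating key/value lines into a record, checks that each digest has the right hex length (a truncated copy of the page is a common source of false "no match" results), then hashes a candidate file with every algorithm the report lists in one pass and compares. The report text embedded below is a constructed copy of the page's General block; the candidate bytes are constructed and are deliberately not the sample. The size check assumes the page rounds to whole kilobytes. SSDEEP is parsed but not compared, since fuzzy matching needs the non-standard ssdeep library.

```python
import hashlib
import re
from typing import Dict

# Constructed copy of the page's "General" block (key line, then value line).
REPORT_TEXT = """\
General
Target
568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298
Size
267KB
Sample
240808-1ee97szeqn
MD5
1ae1cf41f4f2337ea021c6fde824f49a
SHA1
452d014dbba37bc07d60bc9ae1a5d80f0fd5c903
SHA256
568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298
SHA512
f45ae1d90f816bc94c9e7255d6aa93bdb614f7fffd4c30556bd1fd9cc48a8a09a9e8e6ac58d1f703156b4c774be450e630df5efb6e8c1cc63aa778ba0c597b79
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8sY:WFzDqa86hV6uRRqX1evPlwAEY
"""

# Digest name -> expected hex length.
HASH_KEYS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
OTHER_KEYS = ("Target", "Size", "Sample", "SSDEEP")


def parse_report(text: str) -> Dict[str, str]:
    """Turn the report's key/value line pairs into a dict.

    Bare "-" separator lines and section headers are skipped. Raises if a
    digest does not have the expected number of hex characters, so a
    truncated or mangled copy of the page fails loudly instead of silently
    never matching."""
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and ln.strip() != "-"]
    record: Dict[str, str] = {}
    i = 0
    while i < len(lines) - 1:
        key = lines[i]
        if key in HASH_KEYS or key in OTHER_KEYS:
            record[key] = lines[i + 1]
            i += 2
        else:
            i += 1
    for key, hexlen in HASH_KEYS.items():
        if key in record and not re.fullmatch(r"[0-9a-f]{%d}" % hexlen, record[key].lower()):
            raise ValueError(f"{key} on the page is not {hexlen} hex characters")
    return record


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, reading the data only once."""
    hashers = {"MD5": hashlib.md5(), "SHA1": hashlib.sha1(),
               "SHA256": hashlib.sha256(), "SHA512": hashlib.sha512()}
    view = memoryview(data)
    chunk = 1 << 20
    for off in range(0, len(view), chunk):
        for h in hashers.values():
            h.update(view[off:off + chunk])
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, report: Dict[str, str]) -> Dict[str, bool]:
    """Compare a candidate file's digests and size with the report.

    Returns one bool per checked field. Any mismatch on SHA256 or SHA512
    means this is not the reported sample, whatever MD5/SHA1 say; a
    candidate that matches MD5/SHA1 but not SHA256 is worth a second look."""
    actual = hash_bytes(data)
    result = {k: actual[k] == report[k].lower() for k in HASH_KEYS if k in report}
    if "Size" in report:
        # Assumption: the page shows the size rounded to whole KB.
        kb = int(report["Size"].rstrip("KB"))
        result["Size"] = abs(len(data) / 1024 - kb) < 1
    return result


def is_reported_sample(result: Dict[str, bool]) -> bool:
    """True only when every strong digest the report carries matches."""
    return all(result.get(k, False) for k in ("SHA256", "SHA512") if k in result)


if __name__ == "__main__":
    report = parse_report(REPORT_TEXT)
    candidate = b"constructed bytes, not the sample"
    print(verify_sample(candidate, report))
```

To check a real file, read it with `open(path, "rb").read()` (or feed chunks to the hashers for very large files) and pass the bytes to verify_sample; hold the report text locally rather than re-scraping the page, so the comparison does not depend on the sandbox being reachable.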
Malware Config
(none listed)
Targets
Target: 568ad9e7ba8374b6bd36dd1475a2fe3fa125d72ea38e724f3c01375595a34298 (the submitted sample; size 267KB and hashes as listed under General)
Score: 10/10
Signatures:
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, Block at First Sight (the "block at first seen" setting) and similar protections.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check, so the sample may behave differently, or not run at all, depending on the configured country.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a Run registry key)
- Suspicious use of SetThreadContext. Setting another thread's context, typically in a freshly created suspended process, is the usual final step of process hollowing and thread hijacking; the report flags the API use as a heuristic and does not name the target process.
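The three host-visible behaviours above (Defender tampering, a Run key pointing at a dropped file, and a registry location lookup) are what a responder checks first on a machine that may have run this sample. The following is an added example and is not part of the report or the sample: it runs that triage logic over a host snapshot. The snapshot is constructed to exercise every check; its shape assumes the responder collected `Get-MpPreference | ConvertTo-Json`, the contents of the standard Run/RunOnce keys, and the Nation value under HKCU\Control Panel\International\Geo (where Windows stores the location setting; the report only says the sample reads a country code from the registry). The Get-MpPreference property names and their meanings are real; the "healthy" baseline values, the user-writable path list and the hypothetical entry names are assumptions made for the example, and the GeoID table is a partial excerpt.

```python
import json
from typing import Dict, List

# Constructed snapshot, not data from the report. Property names under
# "defender" are real Get-MpPreference output names; the values are made up.
SNAPSHOT_JSON = r'''
{
  "defender": {
    "DisableRealtimeMonitoring": true,
    "DisableBlockAtFirstSeen": true,
    "DisableIOAVProtection": false,
    "DisableBehaviorMonitoring": false,
    "DisableScriptScanning": false,
    "MAPSReporting": 0,
    "SubmitSamplesConsent": 2
  },
  "run_keys": {
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run": {
      "OneDrive": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background",
      "WinUpdate": "C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"
    },
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run": {
      "SecurityHealth": "C:\\Windows\\system32\\SecurityHealthSystray.exe"
    }
  },
  "geo": {"Nation": "244"}
}
'''

# Assumed healthy baseline. MAPSReporting: 0 off, 1 basic, 2 advanced.
# SubmitSamplesConsent: 0 prompt, 1 send safe samples, 2 never, 3 send all.
DEFENDER_BASELINE = {
    "DisableRealtimeMonitoring": False,
    "DisableBlockAtFirstSeen": False,
    "DisableIOAVProtection": False,
    "DisableBehaviorMonitoring": False,
    "DisableScriptScanning": False,
    "MAPSReporting": 2,
    "SubmitSamplesConsent": 1,
}

# Heuristic: autorun targets under user-writable directories deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")

# Partial excerpt of Microsoft's GeoID table (decimal string as stored).
GEOID_NAMES = {"244": "United States", "203": "Russia",
               "241": "Ukraine", "29": "Belarus"}


def audit_defender(prefs: Dict[str, object]) -> List[str]:
    """Report every Defender preference that deviates from the baseline.

    A missing property is reported too: an incomplete snapshot must not
    read as a clean one."""
    findings = []
    for name, healthy in DEFENDER_BASELINE.items():
        if name not in prefs:
            findings.append(f"{name}: missing from snapshot")
        elif prefs[name] != healthy:
            findings.append(f"{name}={prefs[name]!r} (baseline {healthy!r})")
    return findings


def audit_run_keys(run_keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag Run/RunOnce values whose command lives in a user-writable path."""
    findings = []
    for key, values in run_keys.items():
        for name, cmd in values.items():
            if any(d in cmd.lower() for d in USER_WRITABLE):
                findings.append(f"{key}\\{name} -> {cmd}")
    return findings


def geofence_context(geo: Dict[str, str]) -> Dict[str, str]:
    """Return the configured GeoID and, where known, the country name.

    This is context for the analyst: a geofenced sample that skipped this
    host may still detonate on a host with a different Nation value."""
    nation = str(geo.get("Nation", ""))
    return {"geoid": nation,
            "country": GEOID_NAMES.get(nation, "unknown (look up GeoID)")}


def triage_dict(snapshot: Dict[str, object]) -> Dict[str, object]:
    return {
        "defender_tampering": audit_defender(snapshot.get("defender", {})),
        "suspicious_autoruns": audit_run_keys(snapshot.get("run_keys", {})),
        "geofence_context": geofence_context(snapshot.get("geo", {})),
    }


def triage(snapshot_json: str) -> Dict[str, object]:
    """Parse a collected snapshot and run all three checks."""
    return triage_dict(json.loads(snapshot_json))


if __name__ == "__main__":
    print(json.dumps(triage(SNAPSHOT_JSON), indent=2))
```

A finding from audit_defender is evidence of tampering only if the baseline matches what the organisation actually deploys, so adjust DEFENDER_BASELINE to the managed policy before trusting it on a real host; the Run-key heuristic is a triage filter and still needs the flagged file hashed and compared against the report.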