General
-
Target
693b320b7ead59116cf3f84bf544e657fcfd36110b1f27f03d182f9c4ffd2158
-
Size
267KB
-
Sample
241015-2rt5kavhlq
-
MD5
4499e79f07964fc7d7e2e32f4cd5c2bb
-
SHA1
17b42d7330c8bc9470d9db20e8a1a28bd399b2b6
-
SHA256
693b320b7ead59116cf3f84bf544e657fcfd36110b1f27f03d182f9c4ffd2158
-
SHA512
46e474b304485c41de33c876be4edca4e63aadaa62d2863a46df67e019a21ca5f2e11eb6331683f905c62b5a066496da6ac2442f92378376c5967563ff312992
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sD:WFzDqa86hV6uRRqX1evPlwAED
Malware Config
Extracted
asyncrat
0.4.9G
corporation.warzonedns.com:9341
480-28105c055659
-
delay
0
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
693b320b7ead59116cf3f84bf544e657fcfd36110b1f27f03d182f9c4ffd2158
-
Size
267KB
-
MD5
4499e79f07964fc7d7e2e32f4cd5c2bb
-
SHA1
17b42d7330c8bc9470d9db20e8a1a28bd399b2b6
-
SHA256
693b320b7ead59116cf3f84bf544e657fcfd36110b1f27f03d182f9c4ffd2158
-
SHA512
46e474b304485c41de33c876be4edca4e63aadaa62d2863a46df67e019a21ca5f2e11eb6331683f905c62b5a066496da6ac2442f92378376c5967563ff312992
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/sD:WFzDqa86hV6uRRqX1evPlwAED
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-