General
Target: XBinderOutput.exe
Size: 85KB
Sample: 241028-ym2gaswbpg
MD5: 92d502cd0adf7ed26317f11a5b4ad760
SHA1: 09b70d4087a9196eb842acb566f72cfd08825eeb
SHA256: abf0b9462cbb32034ef3f62ad470290ec43407085eb691ac3f61498dab7fd36c
SHA512: d905b7ecf04ef0594eb9e5c26c71a512c8bd17705ea1c3854169100d6bffc2a42f457ff4c0d12f2deea311fa20b62dff4cf828b583a1201e5bb178fbae5c430c
SSDEEP: 1536:lMhlS6nzjc1fI7//fUciArlGhxuDuKSGpnb5qUV0Iqwfl3vcRd:l64gzY1fY//eh0Xb5uIqwN0
Tasks
Static task: static1
Behavioral task: behavioral1
    Sample: XBinderOutput.exe
    Resource: win7-20240903-en
Behavioral task: behavioral2
    Sample: XBinderOutput.exe
    Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Test
C2: 5.tcp.eu.ngrok.io:19854
Mutex: DcRatMutex_adlzxvdama
Attributes
    delay: 1 (seconds the client waits before starting)
    install: false (the client does not copy itself to install_folder)
    install_folder: %AppData%
Targets
Target: XBinderOutput.exe (85KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures
Asyncrat family
Async RAT payload
Command and Scripting Interpreter: PowerShell
    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Adds Run key to start application
    Persistence via a Run key in the registry, even though the extracted config has install set to false.
Legitimate hosting services abused for malware hosting/C2
    The C2 endpoint is an ngrok TCP tunnel (5.tcp.eu.ngrok.io:19854). The IP it resolves to belongs to ngrok and can change or be shared with unrelated tunnels, so hunt on the hostname:port pair and the mutex rather than on the resolved address.
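The behaviours above (Defender exclusions added through PowerShell, a Run key for persistence, traffic to the ngrok C2 and the AsyncRAT mutex) map directly onto endpoint telemetry. The script below is an added hunting example, not part of the sandbox report: it runs those checks over a handful of constructed events (process creation, registry write, network connection, mutex creation). The C2 host, port and mutex come from the extracted config on this page; the ngrok hostname pattern and the event field names are assumptions made for the example.

```python
"""Hunt for the report's behaviours over constructed endpoint telemetry."""
import re

# Indicators taken from the extracted AsyncRAT config above.
C2_HOST = "5.tcp.eu.ngrok.io"
C2_PORT = 19854
MUTEX = "DcRatMutex_adlzxvdama"

# ngrok TCP tunnels are exposed as "<n>.tcp[.<region>].ngrok.io"; this pattern is an
# assumption about ngrok's naming scheme, not something the report states.
NGROK_TCP_HOST = re.compile(r"^\d+\.tcp(?:\.[a-z]{2})?\.ngrok\.io$", re.IGNORECASE)

# Defender exclusion tampering: Add-MpPreference / Set-MpPreference with an exclusion parameter.
MP_CMDLET = re.compile(r"\b(?:add|set)-mppreference\b", re.IGNORECASE)
MP_PARAM = re.compile(r"-(exclusionpath|exclusionextension|exclusionprocess)\b", re.IGNORECASE)

# Per-user or machine-wide Run / RunOnce autostart keys.
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?(?:\\|$)", re.IGNORECASE
)


def check_process(ev):
    """Return one finding per Defender exclusion parameter in a command line."""
    cmd = ev["cmdline"]
    if not MP_CMDLET.search(cmd):
        return []
    return [("defender_exclusion", p.lower()) for p in MP_PARAM.findall(cmd)]


def check_registry(ev):
    """Flag writes under a Run/RunOnce key (persistence)."""
    if RUN_KEY.search(ev["key"]):
        return [("run_key_persistence", f'{ev["key"]} -> {ev["value"]}')]
    return []


def check_network(ev):
    """Exact C2 match first, then any ngrok TCP tunnel host (hostname-based, not IP-based)."""
    host, port = ev["dst_host"].lower(), int(ev["dst_port"])
    if host == C2_HOST and port == C2_PORT:
        return [("asyncrat_c2", f"{host}:{port}")]
    if NGROK_TCP_HOST.match(host):
        return [("ngrok_tcp_tunnel", f"{host}:{port}")]
    return []


def check_mutex(ev):
    """The mutex name is fixed per build, so an exact match is a strong indicator."""
    return [("asyncrat_mutex", ev["name"])] if ev["name"] == MUTEX else []


CHECKS = {
    "process": check_process,
    "registry": check_registry,
    "network": check_network,
    "mutex": check_mutex,
}


def scan(events):
    """Run every check over the event stream; returns a list of findings."""
    findings = []
    for i, ev in enumerate(events):
        for rule, detail in CHECKS.get(ev["kind"], lambda e: [])(ev):
            findings.append({"event": i, "rule": rule, "detail": detail})
    return findings


# Constructed sample telemetry for the example; not events from the sandbox run.
SAMPLE_EVENTS = [
    {"kind": "process",
     "cmdline": 'powershell.exe -Command Add-MpPreference -ExclusionPath '
                '"C:\\Users\\u\\AppData\\Roaming" -ExclusionProcess "XBinderOutput.exe"'},
    {"kind": "process", "cmdline": "powershell.exe -Command Get-MpPreference"},
    {"kind": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "XBinderOutput"},
    {"kind": "registry", "key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"},
    {"kind": "network", "dst_host": "5.tcp.eu.ngrok.io", "dst_port": 19854},
    {"kind": "network", "dst_host": "0.tcp.ngrok.io", "dst_port": 10022},
    {"kind": "network", "dst_host": "www.msftconnecttest.com", "dst_port": 80},
    {"kind": "mutex", "name": "DcRatMutex_adlzxvdama"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The exclusion check keys on the full parameter names; PowerShell also accepts unambiguous prefixes such as -ExclusionP, so a production rule should either expand the pattern or inspect script block logging (event 4104) rather than only the command line. The geofence registry read is deliberately left as a non-hit here, since a lookup of the configured country is common in benign software and is only meaningful in combination with the other findings.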