General
Target: file-ly5.bat
Size: 604B
Sample: 241029-3f9xba1je1
MD5: a382e3f085e005edb9c5ea215109bb9b
SHA1: e7454672385b823bd0e26eaaf092aa9f04607429
SHA256: 5b60f3dc0e0e96085cdddb8d8135eede32ccc9f0981996261a8cf27d4be2dbfb
SHA512: bee9a075e2acb3c47c24590e0b98a0949d5b7d6a86f017b0290304413bbac3b25e89ea8549a0be4fdfb88604ce6d950a151b3cd3370b71aefa9fbce3273a87ee
Static task: static1
Behavioral task: behavioral1
  Sample: file-ly5.bat
  Resource: win7-20240903-en
Malware Config
Extracted: https://u.to/nBL7IA
Extracted: asyncrat (Default)
  C2 hosts:
    127.0.0.1:43655
    excellent-waiver.gl.at.ply.gg:43655
    tcp://gg123213123sadas-38622.portmap.host:43655
  delay: 1
  install: false
  install_folder: %AppData%
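The C2 list above mixes a loopback placeholder, a bare host:port entry and a tcp:// URL, and two of the hosts sit on public tunnelling services. The following is an added example written by the editor, not code from the sandbox or from the AsyncRAT project: it normalizes those three entries into indicators, drops the non-actionable loopback entry, and marks tunnel-service hostnames so they are blocked by full hostname rather than by the shared parent domain. The tunnel-suffix list is the editor's own assumption and should be extended for your environment.

```python
"""Normalize the C2 entries of an extracted AsyncRAT config into indicators.

Added example (editor's code, not part of the sandbox report). Input is the
three C2 entries shown in the report; the tunnel-service suffix list is the
editor's own and should be extended for your environment.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

# Copied from the extracted config above.
EXTRACTED_C2 = [
    "127.0.0.1:43655",
    "excellent-waiver.gl.at.ply.gg:43655",
    "tcp://gg123213123sadas-38622.portmap.host:43655",
]

# Public tunnelling / port-forwarding services often used to front RAT C2
# (editor's list; not from the report).
TUNNEL_SUFFIXES = (".ply.gg", ".portmap.host", ".portmap.io", ".ngrok.io", ".ngrok-free.app")


@dataclass(frozen=True)
class C2Indicator:
    host: str
    port: int
    kind: str          # "ip" or "domain"
    actionable: bool   # False for loopback/private builder defaults
    note: str


def parse_c2_entry(entry: str) -> C2Indicator:
    """Accept both forms seen in AsyncRAT configs: 'host:port' and 'scheme://host:port'."""
    entry = entry.strip()
    if "://" in entry:
        parts = urlsplit(entry)
        host, port = parts.hostname, parts.port
    else:
        host, sep, port_s = entry.rpartition(":")
        port = int(port_s) if sep else None
    if not host or port is None:
        raise ValueError(f"unparseable C2 entry: {entry!r}")
    host = host.lower()
    try:
        ip = ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.is_loopback or ip.is_private or ip.is_unspecified:
            return C2Indicator(host, port, "ip", False,
                               "loopback/private address: builder default or local test, not a live C2")
        return C2Indicator(host, port, "ip", True, "public IP")
    if host.endswith(TUNNEL_SUFFIXES):
        return C2Indicator(host, port, "domain", True,
                           "tunnel service: block the full hostname (and watch the port), not the shared parent domain")
    return C2Indicator(host, port, "domain", True, "attacker-controlled or compromised domain")


def indicators_from_config(entries):
    """De-duplicate by (host, port) while keeping report order."""
    seen, out = set(), []
    for e in entries:
        ind = parse_c2_entry(e)
        if (ind.host, ind.port) not in seen:
            seen.add((ind.host, ind.port))
            out.append(ind)
    return out


def actionable_hosts(entries):
    """Hostnames/IPs worth pushing to a blocklist, sorted for stable output."""
    return sorted(i.host for i in indicators_from_config(entries) if i.actionable)


if __name__ == "__main__":
    for ind in indicators_from_config(EXTRACTED_C2):
        flag = "BLOCK " if ind.actionable else "skip  "
        print(f"{flag}{ind.host}:{ind.port}  [{ind.kind}] {ind.note}")
```

Run as a script it prints one line per indicator; the 127.0.0.1 entry is kept in the record (it tells you the operator built the client with a default first entry) but is excluded from the blocklist output, since blocking loopback achieves nothing.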
Targets
Target: file-ly5.bat
Size: 604B
Signatures:
- Asyncrat family
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
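The "Checks computer location settings" signature is the one behaviour in this list that a defender can turn into a cheap host-side detection. The following is an added example by the editor, not code from the sandbox: it runs over constructed registry-access events and flags processes that read the per-user GeoID. It assumes the signature refers to the HKCU\Control Panel\International\Geo\Nation value (the GeoID that GetUserGeoID() returns); that mapping, the event format, and the image names are the editor's assumptions, not facts from the report. The normalization step matters because the same key appears as HKCU\..., HKU\<SID>\... or \REGISTRY\USER\<SID>\... depending on which tool logged it.

```python
"""Flag processes that read the per-user GeoID (country code) from the registry.

Added example (editor's code, not from the sandbox report). It assumes the
"Checks computer location settings" signature refers to the
HKCU\\Control Panel\\International\\Geo\\Nation value, the GeoID that
GetUserGeoID() returns; that mapping is the editor's assumption.
"""
import re
from collections import defaultdict

# Key\value the editor assumes the signature matches (lower-cased, hive prefix removed).
GEO_NATION = r"control panel\international\geo\nation"

# Strip the per-user hive prefix in any of its spellings:
#   HKCU\..., HKEY_CURRENT_USER\..., HKU\<SID>\..., HKEY_USERS\<SID>\..., \REGISTRY\USER\<SID>\...
_HIVE_RE = re.compile(
    r"^(?:\\registry\\user\\|hku\\|hkey_users\\)[^\\]+\\"
    r"|^(?:hkcu\\|hkey_current_user\\)"
)


def normalize_key(path: str) -> str:
    """Lower-case, unify slashes and drop the user-hive prefix so spellings compare equal."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    return _HIVE_RE.sub("", p, count=1)


def is_geo_lookup(path: str) -> bool:
    return normalize_key(path) == GEO_NATION


# Constructed registry-access events in a minimal "pid|image|operation|key\value" form;
# image names are made up for the example, not the report's dropped file name.
SAMPLE_EVENTS = [
    "2480|C:\\Windows\\System32\\cmd.exe|QueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\AppData",
    "3312|C:\\Users\\Admin\\AppData\\Roaming\\sample.exe|QueryValue|HKU\\S-1-5-21-1004336348-1177238915-682003330-1001\\Control Panel\\International\\Geo\\Nation",
    "3312|C:\\Users\\Admin\\AppData\\Roaming\\sample.exe|QueryValue|\\REGISTRY\\USER\\S-1-5-21-1004336348-1177238915-682003330-1001\\Control Panel\\International\\Geo\\Name",
    "3312|C:\\Users\\Admin\\AppData\\Roaming\\sample.exe|QueryValue|HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "4100|C:\\Windows\\explorer.exe|QueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
]


def find_geofence_checks(events):
    """Return {image: [pid, ...]} for every process that queried Geo\\Nation."""
    hits = defaultdict(list)
    for line in events:
        pid, image, op, path = line.split("|", 3)
        if op.lower() in ("queryvalue", "regqueryvalue") and is_geo_lookup(path):
            hits[image].append(int(pid))
    return dict(hits)


if __name__ == "__main__":
    for image, pids in find_geofence_checks(SAMPLE_EVENTS).items():
        print(f"GeoID lookup by {image} (pids {sorted(set(pids))})")
```

On a real host, legitimate software (installers, locale-aware applications) reads this value too, so the match is a hunting signal rather than an alert on its own; it becomes interesting when, as here, the reader is a freshly dropped executable in a user-writable directory that then makes network connections. The neighbouring Geo\Name value is deliberately not matched, which the constructed events exercise.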