General

Target: Krishna33.exe
Size: 97KB
Sample: 241031-vg4gxssalq
MD5: 1ebef0766160be26918574b1645c1848
SHA1: c30739eeecb96079bcf6d4f40c94e35abb230e34
SHA256: 3e664b59ba376749eb9b596b6499bf7edcec5d34382ead80964f9fe92a4c3c83
SHA512: 01c42bb22a92543a3408c6f420593443357a53915937341b5eaf8563ee775dbdeba7af38e2df9c9cf249a512a5a42c65c4c4d39d100e8a4143e58fd235b85951
SSDEEP: 1536:ou1a21T3xN2s/tH3bPXSiTbgd2HJ0cYeWQzPhOvVihneW9+e2:ouc6T3xN28tH3bPfIK0wz5OdRSN2
Behavioral task

behavioral1
Sample: Krishna33.exe
Resource: win7-20241010-en
Malware Config

Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 1.tcp.ap.ngrok.io:21049
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- delay: 3
- install: true
- install_file: chrome.exe
- install_folder: %AppData%
Targets

Target: Krishna33.exe
Size: 97KB
- Asyncrat family
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2