General
  Target: J74N3UGkQRFbJPTK.exe
  Size: 8.2MB
  Sample: 241031-xb5txazrdz
  MD5: e0cf4901b5fe2a17af5a369e7faeab1b
  SHA1: 2d71a612c66a267d71f39769b2ab3d7e99035764
  SHA256: 66cfe98bdab5ba7bc9642ae084b708deb928d4688b9bc577c5add8b021cbcafe
  SHA512: 22dbf9e1d71822ffd6c5505a2eeffb46fbf75d5e5cec9fba619ccf78100ec9a5f6063fafce1f07bcdae3eeb8ec0732661ba15fca7bf57bb08d0943b1d0512df6
  SSDEEP: 196608:sfU3F+AqdanoW6dyebDOuKMXRlbO0OeRzM1Hyq:8qFovIebSDwyeZMpX

Static task: static1

Behavioral task: behavioral1
  Sample: J74N3UGkQRFbJPTK.exe
  Resource: win7-20241010-en

Malware Config
  Extracted: asyncrat 0.5.8
  Default
    dns.njalla.pl:4500
    dns.njalla.pl:7854
    dns.njalla.si:4500
    dns.njalla.si:7854
    O7kXyfiG4vsr
  delay: 3
  install: false
  install_file: GoogleUpdate.exe
  install_folder: %AppData%

Targets
  Target: J74N3UGkQRFbJPTK.exe
  Size: 8.2MB
  MD5: e0cf4901b5fe2a17af5a369e7faeab1b
  SHA1: 2d71a612c66a267d71f39769b2ab3d7e99035764
  SHA256: 66cfe98bdab5ba7bc9642ae084b708deb928d4688b9bc577c5add8b021cbcafe
  SHA512: 22dbf9e1d71822ffd6c5505a2eeffb46fbf75d5e5cec9fba619ccf78100ec9a5f6063fafce1f07bcdae3eeb8ec0732661ba15fca7bf57bb08d0943b1d0512df6
  SSDEEP: 196608:sfU3F+AqdanoW6dyebDOuKMXRlbO0OeRzM1Hyq:8qFovIebSDwyeZMpX

  - Asyncrat family
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext