General
Target: skibiditoilet.bat
Size: 395KB
Sample: 241120-v18wravlbq
MD5: fbcad94ee92cc636d8bba4f642130122
SHA1: e6efade17853c9d8cd4948c066d305ae7eb63f92
SHA256: 14ff4d8940a0742974ca662986e8c421e2b0ee7c4dd3bad42133a06d83ff01e7
SHA512: a8aecd98d6ec6ccd40c76878d2f5669cb0260c9717af332adb053c7709a17669dc1d8906dae48081fc8e0f3712b462af013187975951b4b9a618ca1e08319de4
SSDEEP: 6144:ZVjmIVN5c/teuyotWSdLVnUUSONjj3CRTPWYMGHGB/CERDTnL98UVzeBy/Dvi:TjVN5c/19koVUwjZYM5B/CER7VCui
Static task: static1
Behavioral task: behavioral1
Sample: skibiditoilet.bat
Resource: win7-20240903-en
Malware Config
Extracted
asyncrat
Victim
193.161.193.99:36700
delay: 1
install: true
install_file: sysvlrhp.exe
install_folder: %AppData%
Targets
Target: skibiditoilet.bat
- Asyncrat family
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory