General
Target: kids.bat
Size: 368B
Sample: 241121-3cy1mswrep
MD5: 77e20cc9b8332536c63147d861cf554c
SHA1: b068597a13cc0dafc3de9d98595a0bf479b8227f
SHA256: 7a3fd30d774152069744411923370c4502a6d07847c7ac9377602741fb4c1859
SHA512: 4c639c81461fab44c2e66859798da1263ad228e463b7d260c226f812d56eddcd5b03c02d4ea10ac025803f2ef05d7a4d7fd06436c35636248770ad0ec91f0568
Static task: static1
Behavioral task: behavioral1
Sample: kids.bat
Resource: win7-20240903-en
Malware Config
Extracted
asyncrat
Default
technical-southwest.gl.at.ply.gg:58694
delay: 1
install: true
install_file: WINDOWS.exe
install_folder: %AppData%
Targets
Target: kids.bat
Asyncrat family
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE