General
Target: 378d97a39ef4c82dbe95adc05f6b5edee49df9c39decea580ecf1faba96c4648
Size: 1.5MB
Sample: 241129-sjpqfawphk
MD5: 6951e66c7298c70eaa8ffef920860e82
SHA1: 1d60ed7fcd2ac06da5a404ffc3607794913adda9
SHA256: 378d97a39ef4c82dbe95adc05f6b5edee49df9c39decea580ecf1faba96c4648
SHA512: 3c7bc4eb0eca97335af3f877ad5c4e360098db14e6a2ecd2448dc249d78a9d80fffeff5a6c83023b1acf9231f693115057146c2734be022705d7ab43cef2a946
SSDEEP: 24576:OIbVFceoHpoXyM1vRVhglntZusnV261ejXc3a5wT90LyuyXlQmbc2Mz0hbi9ArI2:OIJFceIAyM1vRXmusVgc39T92yT+mlig
Static task: static1
Behavioral task: behavioral1
Sample: 资料_install (1).exe
Resource: win7-20241010-en
Malware Config
Extracted
asyncrat
v1.2.0
Default
27.124.46.187:7415
dljruvfxlegfirzzjpo
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 资料_install (1).exe
Size: 1.5MB
MD5: 85df64b647baf466f4621d1be7d005e1
SHA1: c090110069d644c54c8508e8e65ddcfae25949fc
SHA256: 5ffe8edc15b6cb41122f6cc2550621e81776bc6914ea6388aecd17eec073aea4
SHA512: 52f7676cd7cfd91eda286dabc13139272ac8e809c70ac80c11139193659b5f28ae75876b12845a9cc60215529d780d466c36d4e2722344b7fce870454fd15b26
SSDEEP: 49152:tEBdH3KQaSIE1vlbkOAZOEzRT9IynYMHK3zT27yEbYp:mBpPZIUvlkpRCyd2zwylp
- Asyncrat family
- Venomrat family
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.