General
Target: 4e259bb72091a51873695eab388599bf4665c0cd04363d48481ff406771fdf1b.exe
Size: 270KB
Sample: 241226-v69egasraq
MD5: 403f3241e5af51a4cf93a0b7945a9d06
SHA1: 6f40643395723f67f6d23ddc5261dbd65e093664
SHA256: 4e259bb72091a51873695eab388599bf4665c0cd04363d48481ff406771fdf1b
SHA512: 5ffa76cabbcd5020f249556fc52f74b7aab328c879fbd9a38cef7a0fe6e41218fcc4e405a296492df4c8261090dbe469ee40d540c0239f65d7ae445123ce1991
SSDEEP: 3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8sdkXF:WFzDqa86hV6uRRqX1evPlwAEdkXF
Static task: static1
Behavioral task: behavioral1
Sample: 4e259bb72091a51873695eab388599bf4665c0cd04363d48481ff406771fdf1b.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 4e259bb72091a51873695eab388599bf4665c0cd04363d48481ff406771fdf1b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: asyncrat
0.4.9G
corporation.warzonedns.com:9341
480-28105c055659
delay: 0
install: false
install_folder: %AppData%
Targets
Target: 4e259bb72091a51873695eab388599bf4665c0cd04363d48481ff406771fdf1b.exe
Score: 10/10
- Asyncrat family
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext