General
Target: build.exe
Size: 6.1MB
Sample: 241231-r4ewasxnep
MD5: e7635fd18fe8720076cbfa1c2291132a
SHA1: 36b92c71ba43577bae36cada0123fa27ccfb7df0
SHA256: bdfc9238f4c1c4d26fdd838bd39f0cff4f7628878320b73b1245cc21321615d7
SHA512: f2b613f7db04d3d179ef6ddeb979de64351400b029c11b661da36ee88184277c5c78dea147f4be064e56549a6dd52b7a7b85ea36efc6c249cfcd5453f93bfaad
SSDEEP: 196608:7SkSIlLTUcwti7TQl2NgVg01MWAXAkuujCPX9YG9he5GnQCAJKN:ukSopwtQQl2aOtXADu8X9Y95GQLJ
Static task
static1

Malware Config
Extracted
Family: asyncrat
Version: 1.0.7
Botnet: Default
C2: 51.89.44.68:8848
Mutex: etb3t1tr5n
Attributes:
delay: 1
install: true
install_file: svchost.exe
install_folder: %Temp%
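To turn the extracted configuration and the file hashes above into something a responder can run, here is an added example (not part of the sandbox report or of the Triage tooling) that matches the listed IOCs against telemetry: it computes the same four digests the report lists and compares them, flags a svchost.exe that sits outside the Windows system directories (the config installs to %Temp%, where no legitimate svchost.exe belongs), and picks out connections to 51.89.44.68:8848 from a connection log. The log line format, the `LEGIT_SVCHOST_DIRS` set and the sample log lines are assumptions constructed for the demonstration.

```python
"""
IOC matcher for the AsyncRAT sample described in the report above.

Added example, not part of the sandbox report or of the Triage tooling. The
IOC values are copied from the report; the telemetry below is constructed for
the demonstration and does not come from a real host.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Indicators taken from the report: file hashes, C2 endpoint, drop location.
IOC = {
    "md5": "e7635fd18fe8720076cbfa1c2291132a",
    "sha1": "36b92c71ba43577bae36cada0123fa27ccfb7df0",
    "sha256": "bdfc9238f4c1c4d26fdd838bd39f0cff4f7628878320b73b1245cc21321615d7",
    "sha512": "f2b613f7db04d3d179ef6ddeb979de64351400b029c11b661da36ee88184277c5c78dea147f4be064e56549a6dd52b7a7b85ea36efc6c249cfcd5453f93bfaad",
}
C2_HOST, C2_PORT = "51.89.44.68", 8848
INSTALL_FILE = "svchost.exe"  # install_file from the extracted config

# Assumption: the only directories where a genuine svchost.exe lives.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(hashes: dict, ioc: dict = IOC) -> list:
    """Return the algorithms whose digest equals the report's value."""
    return sorted(alg for alg, val in hashes.items()
                  if ioc.get(alg, "").lower() == val.lower())


def is_suspicious_install_path(path: str) -> bool:
    """True when a file named svchost.exe sits outside the system directories,
    which is what the config's %Temp% install_folder produces."""
    p = PureWindowsPath(path)
    if p.name.lower() != INSTALL_FILE:
        return False
    return str(p.parent).lower() not in LEGIT_SVCHOST_DIRS


# Assumed log format: "... dst=<ip>:<port>" per connection.
CONN_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def c2_hits(log_lines) -> list:
    """Return the log lines whose destination is the report's C2 host:port."""
    hits = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and m.group("ip") == C2_HOST and int(m.group("port")) == C2_PORT:
            hits.append(line)
    return hits


# Constructed telemetry for the demonstration (not real host data).
SAMPLE_CONN_LOG = [
    "2024-12-31T10:00:01Z proto=tcp src=10.0.0.5:49152 dst=142.250.74.46:443",
    "2024-12-31T10:00:07Z proto=tcp src=10.0.0.5:49160 dst=51.89.44.68:8848",
    "2024-12-31T10:00:09Z proto=tcp src=10.0.0.5:49161 dst=51.89.44.68:443",
]

if __name__ == "__main__":
    # Only a file with exactly the reported digest matches; this constructed
    # buffer is not the sample, so the list is empty.
    print("hash match:", matching_hashes(file_hashes(b"not the sample")))
    for path in (r"C:\Users\bob\AppData\Local\Temp\svchost.exe",
                 r"C:\Windows\System32\svchost.exe"):
        print(path, "->", is_suspicious_install_path(path))
    for line in c2_hits(SAMPLE_CONN_LOG):
        print("C2 beacon:", line)
```

The hash check is exact-match only: a rebuilt or repacked AsyncRAT binary will have different digests, so the path and network checks are the ones that survive a rebuild. Only the 51.89.44.68:8848 line is reported as a beacon; traffic to the same host on another port is left for an analyst to judge.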
Targets
Target: build.exe
Size: 6.1MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General
Signatures:
- Asyncrat family
- Async RAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2