General
-
Target
db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bbN.exe
-
Size
3.6MB
-
Sample
250103-xnavasyjfv
-
MD5
c1b291109f5b8e4e2bd958cf377867f0
-
SHA1
636e6e1279746ef11f8445360a3ca1855f13e715
-
SHA256
db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bb
-
SHA512
23a35524da71ef18dcba22d5b42c3f6131258d2040077b14a0a3f7f7820911694fc5c1f92933d39a41437b12de734225589ef02df8805d597e6b746443402b1a
-
SSDEEP
98304:lkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13:lkSIlLtzWAXAkuujCPX9YG9he5GnQCAo
Static task
static1
Behavioral task
behavioral1
Sample
db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bbN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bbN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
1.0.7
Default
51.89.44.68:8848
etb3t1tr5n
-
delay
1
-
install
true
-
install_file
svchost.exe
-
install_folder
%Temp%
Targets
-
-
Target
db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bbN.exe
-
Size
3.6MB
-
MD5
c1b291109f5b8e4e2bd958cf377867f0
-
SHA1
636e6e1279746ef11f8445360a3ca1855f13e715
-
SHA256
db55b9cb29193e52fe1aa08bdeb872392885cc1fe8a17883d163d87818b969bb
-
SHA512
23a35524da71ef18dcba22d5b42c3f6131258d2040077b14a0a3f7f7820911694fc5c1f92933d39a41437b12de734225589ef02df8805d597e6b746443402b1a
-
SSDEEP
98304:lkqXf0FlL9nrYAWAZi6sfLxkuahjCOeX9YG9see5GnRyCAm0makxH13:lkSIlLtzWAXAkuujCPX9YG9he5GnQCAo
-
Asyncrat family
-
Async RAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1