General
-
Target
ProximaCLient.exe
-
Size
62KB
-
Sample
250121-bzwegszkfx
-
MD5
9b58a4fad9c0ddace097997174a11175
-
SHA1
aad8aaac4ac821a047d68d90bb3266d73e5f6457
-
SHA256
7bb046bb513f61bb2f038262e0355f239b0daefc081619cb51039bf0cf796033
-
SHA512
dc27a308b85434804249751deb19eb8ccbcef8c53ca5af6f662b74e41da4763593388c75216ceda66b83b5213a8c55c662d485ae70d9b9abc33bee3e053bb6ba
-
SSDEEP
1536:Nu2etT/+No2KISb6/N6FbbAb2FftIVZNdCwdAoeWYx:Nu2aT/+No2KISb6/N4bbAUeVZvB8px
Malware Config
Extracted
asyncrat
0.5.8
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
31.57.243.64:6606
31.57.243.64:7707
31.57.243.64:8808
LpF3ngSX2CvP
-
delay
3
-
install
true
-
install_file
lasjiiziopjwe.exe
-
install_folder
%AppData%
Targets
-
-
Target
ProximaCLient.exe
-
Size
62KB
-
MD5
9b58a4fad9c0ddace097997174a11175
-
SHA1
aad8aaac4ac821a047d68d90bb3266d73e5f6457
-
SHA256
7bb046bb513f61bb2f038262e0355f239b0daefc081619cb51039bf0cf796033
-
SHA512
dc27a308b85434804249751deb19eb8ccbcef8c53ca5af6f662b74e41da4763593388c75216ceda66b83b5213a8c55c662d485ae70d9b9abc33bee3e053bb6ba
-
SSDEEP
1536:Nu2etT/+No2KISb6/N6FbbAb2FftIVZNdCwdAoeWYx:Nu2aT/+No2KISb6/N4bbAUeVZvB8px
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-