General
Target: DHL_damaged_package_jan_2025_92818217221.zip
Size: 5KB
Sample: 250123-md97asxler
MD5: c6fb159a1215d155ce1504227312b0b9
SHA1: e7cf78c609171444d0760899b82bb4a54f99eb8e
SHA256: 61b3295baf234524bff6c8805618afd837ac3120d7811ea359e1a21283976afe
SHA512: 2ecfbbf5c4ff57b13c889af1c487e6b1da7a769db83d11c5a9af89c22c3bf0a783e7db824ebbf3ef5528e476ed847796fb640b2477c428f3c52b5c7e9088577f
SSDEEP: 96:gnL5eHBdpFZE+iunYdX+8DsLX+GZ0AIlTk7Plmu54fYXopingSjQlmiiR6v:M+TlvnYdqX+GZ0AIloZL54fGOS4t
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_damaged_package_jan_2025_92818217221.vbs
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: DHL_damaged_package_jan_2025_92818217221.vbs
  Resource: win10v2004-20241007-en
Malware Config
Extracted: asyncrat
Version: 0.5.8
damaged_DHL
C2: saleselma.freemyip.com:1052
C2: saleselma.freemyip.com:1053
C2: ngoklene.duckdns.org:1052
C2: ngoklene.duckdns.org:1053
GiGZj9TM88UA
delay: 3
install: false
install_folder: %AppData%
Targets
Target: DHL_damaged_package_jan_2025_92818217221.vbs
Size: 18KB
MD5: c75965dbddbcc556f2cd3e9f05b0da65
SHA1: c19fe776303d0d5dd56cf5306a4acdde829237b4
SHA256: 8c4fc4c84ed395ac91e4ac2d1d124f7383703adcec53e6064475be947c52abfd
SHA512: 370240fd84288a9a1cd2303c70823518fbeecd88a7c5aae7a8e428e48db05c090bec6251a0e864e1fe42e3d0082f3f5e0ba36dd37fbf9bb943faa8dff7d8cde7
SSDEEP: 192:/k1i7Pg+WGy7HYqr2O5ZDtN/0+QxBAx7cCuAsTDgaPH4MPX2BmFfkd9ZyK4Bvrgy:c1CPo7nLWidq43U2XDnrwzun0/
Score: 10/10
Asyncrat family
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory
Suspicious use of SetThreadContext