General
- Target: BlueEagleXPR.exe
- Size: 4.3MB
- Sample: 250127-yj8ffatjgv
- MD5: c4902cfc4c2ea6d2b3e4f385ae3cd1f6
- SHA1: b9848b5eb85018801d690ddc7b264b07e89c52f4
- SHA256: a575e60cb9bfe0ce25567779ffd942cea73bb023b84a38d26fb930ab2bc64d7a
- SHA512: e642d4a68127b6a135c4bb0048a7208bf5e75e7f0a0bb2247b65238f78845f4c9c44ddc2729ba95486c5e88f7cfcd9359940b1d058cf33025621220d749523cf
- SSDEEP: 98304:rsT1KpK3AEv85NABo6bOeRU7ecKRQlJ1v0E+E78Gvzu1:Q4KwEvKQSeRU7eYLOEIGy
Static task: static1
Behavioral task: behavioral1
- Sample: BlueEagleXPR.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: GitHub
- C2:
  127.0.0.1:650
  127.0.0.1:10000
  domain13.ddns.net:650
  domain13.ddns.net:10000
- Mutex: {76B6B781-3613-4A22-AE20-A66B9C12BB55}
- delay: 1
- install: true
- install_file: svchost.exe
- install_folder: %AppData%
Targets
- Target: BlueEagleXPR.exe
- Size: 4.3MB
Signatures
- Asyncrat family
- Async RAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE