General
-
Target
PEInstaller.exe
-
Size
54KB
-
Sample
250419-3cea8syry8
-
MD5
e9dd08c82ee9543ed88a2df140be3162
-
SHA1
6950038c06707e4c6e4313bb59c30deae6f93ee4
-
SHA256
a2bcd0666901803cb37a0247a2a46b9e71b10969805b9154bfd07a46bce369b9
-
SHA512
078352b36ea8595f5ad293d7b04cd7d5b61bccfa11ddd83a10c6f41946815000398b7e2be1257b946eb75ceb9055c20a6975bbb577eb3d7a2407de4028bd8708
-
SSDEEP
1536:kpppNJkBOQEZcYx3dup+FFc2PlG1tMroSa5VghzsG:kzpkIQERMp+Tc2PlG12e
Static task
static1
Behavioral task
behavioral1
Sample
PEInstaller.exe
Resource
win10ltsc2021-20250314-en
Malware Config
Extracted
asyncrat
0.5.8
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:2009
jc1XWfeoz50P
-
delay
10
-
install
true
-
install_file
executor.exe
-
install_folder
%Temp%
Targets
-
-
Target
PEInstaller.exe
-
Score
10/10
-
Asyncrat family
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-