General
Target: d4278af4c129db3ea1c48d890304abd1
Size: 616KB
Sample: 220805-w1fqmsgaa4
MD5: d4278af4c129db3ea1c48d890304abd1
SHA1: b6ca93a2c12c164a73339020070662b618723744
SHA256: 9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc
SHA512: 807c9a5242a831f2f70e8a949a11c58cfe79b9438a7c2d5484ce899cef6f2f8574f7b03a8d896b5e6473669738266cb04b1b0f9c5e63d85c4c2a00e132b9dcc2

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: d4278af4c129db3ea1c48d890304abd1.exe
Resource: win7-20220718-en

Malware Config
Extracted: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 37.0.14.198:6161
Mutex: AsyncMutex_6SI8OkPnk

Attributes
- delay: 3
- install: true
- install_file: .exe
- install_folder: %AppData%

Targets
Target: d4278af4c129db3ea1c48d890304abd1
Size: 616KB
MD5: d4278af4c129db3ea1c48d890304abd1
SHA1: b6ca93a2c12c164a73339020070662b618723744
SHA256: 9d19de1d4be447775e3345eae357a9571bd86a607eaf25df48a6840acbc390cc
SHA512: 807c9a5242a831f2f70e8a949a11c58cfe79b9438a7c2d5484ce899cef6f2f8574f7b03a8d896b5e6473669738266cb04b1b0f9c5e63d85c4c2a00e132b9dcc2

Signatures
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext