General
-
Target
AsyncClient_protected.exe
-
Size
3.7MB
-
Sample
240630-yr9cpsxcnr
-
MD5
b932c68c0270883947f788e8f515b3f5
-
SHA1
331f4298b4d87ab1acf0e7d675a9475383f0a524
-
SHA256
c7b89630f366ba04189f87ed7ccf7838b7db61ee00b9103ffbc6c18d829659cb
-
SHA512
1bceb186d1a040524836bba0526437a69041fd3a399c5bceb0151a793d2258210c49be572e838e22ef06c640953f475ccfd203c267eb5464e8c04d712b08e3f3
-
SSDEEP
98304:XIG/gN1A2Z5wiUv6QZjKcm/S7L8ziQGq/gU:XIG/gso5wii/Kcm5zFG
Behavioral task
behavioral1
Sample
AsyncClient_protected.exe
Resource
win7-20240508-en
Malware Config
Extracted
asyncrat
0.5.8
Default
2.tcp.ngrok.io:7777
2.tcp.ngrok.io:13109
dW8XbmjCtqQS
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
AsyncClient_protected.exe
-
Size
3.7MB
-
MD5
b932c68c0270883947f788e8f515b3f5
-
SHA1
331f4298b4d87ab1acf0e7d675a9475383f0a524
-
SHA256
c7b89630f366ba04189f87ed7ccf7838b7db61ee00b9103ffbc6c18d829659cb
-
SHA512
1bceb186d1a040524836bba0526437a69041fd3a399c5bceb0151a793d2258210c49be572e838e22ef06c640953f475ccfd203c267eb5464e8c04d712b08e3f3
-
SSDEEP
98304:XIG/gN1A2Z5wiUv6QZjKcm/S7L8ziQGq/gU:XIG/gso5wii/Kcm5zFG
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-