General
-
Target
2w1.exe
-
Size
20.1MB
-
Sample
240701-rwbtnszgql
-
MD5
5824383219570d5efc4a2ed63a91980a
-
SHA1
f0b2ed592b33ba40f1117625458a1b820e10dcf7
-
SHA256
911a9ce35f5eba50196cd7280ab6e7fdd9ed52e6a6cae2cdf775148de80a9c10
-
SHA512
2d689a786247216e24ef3ec706d51a5fdad4382a73f76207ce61df3072ea08bc9c5815491a4b209dceb57e41b8a5dad95b1dca62bb2a7bb81265246bf85086a5
-
SSDEEP
393216:UtGGoHbktzg43YDKxq0XPZ0gsgEsQIGqr1+TtIi00VQ/6Z:UkPwzgIKYftskh71QtImAk
Behavioral task
behavioral1
Sample
2w1.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
asyncrat
Default
185.254.97.15:1334
-
delay
1
-
install
true
-
install_file
XD.exe
-
install_folder
%AppData%
Targets
-
-
Target
2w1.exe
-
Score
10/10
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Hide Artifacts: Hidden Files and Directories
-