General
-
Target
AsyncClient.exe
-
Size
88KB
-
Sample
240703-l1823s1eqr
-
MD5
253a8c072df4c5a81da1c88eb2378ac1
-
SHA1
9cac2c633ff7fc9da16593b92db269ca38082b32
-
SHA256
bc5d0c784ccc8c455b30a7c793511e4d702d00f4f8003da5f603c0b4ace22c9a
-
SHA512
19ef5c01ffe342f941fb7934a95083bdd2940646ebb374f3e2a75f8bad25c38ef9a271abe33cc02ae32cbf74c97f4912ed185f291e42e8dc635e849cdddff202
-
SSDEEP
1536:xu6BdTAur2yobJzdF4ym4bTFTzGQrI5byDJdSfCPw4:xu6PTAur2yobJzdF4v4bTtzLk5ODJ8fu
Behavioral task
behavioral1
Sample
AsyncClient.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
asyncrat
0.5.8
Default
WarpDancer
-
delay
3
-
install
true
-
install_file
Zirael.exe
-
install_folder
%Temp%
-
pastebin_config
httphs://pastebin.com/raw/s14cUU5G
Targets
-
-
Target
AsyncClient.exe
-
Size
88KB
-
MD5
253a8c072df4c5a81da1c88eb2378ac1
-
SHA1
9cac2c633ff7fc9da16593b92db269ca38082b32
-
SHA256
bc5d0c784ccc8c455b30a7c793511e4d702d00f4f8003da5f603c0b4ace22c9a
-
SHA512
19ef5c01ffe342f941fb7934a95083bdd2940646ebb374f3e2a75f8bad25c38ef9a271abe33cc02ae32cbf74c97f4912ed185f291e42e8dc635e849cdddff202
-
SSDEEP
1536:xu6BdTAur2yobJzdF4ym4bTFTzGQrI5byDJdSfCPw4:xu6PTAur2yobJzdF4v4bTtzLk5ODJ8fu
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-