Sample: https://cdn.discordapp.com/attachments/1249880118269055007/1258859444121370706/sigma.rar?ex=668993b7&is=66884237&hm=611c47845ef9667a5cafae9d45e9910e4c614949eee25f2a751610f09c8b28b9&
Resource: win10v2004-20240704-en (windows10-2004-x64)
15 signatures
150 seconds
Malware Config
Extracted
Family: asyncrat
Version: 0.5.8
Botnet: Default
C2:
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
Mutex: jbmgnzjCg3q3
Attributes:
- delay: 3
- install: true
- install_file: my game.exe
- install_folder: %AppData%
aes.plain
Targets
Target: https://cdn.discordapp.com/attachments/1249880118269055007/1258859444121370706/sigma.rar?ex=668993b7&is=66884237&hm=611c47845ef9667a5cafae9d45e9910e4c614949eee25f2a751610f09c8b28b9&
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2