General
-
Target
svchost.exe
-
Size
479KB
-
Sample
220719-r3514aefe7
-
MD5
4c6b01344809054252095695fe24aa5f
-
SHA1
d1571b19723ebb0def5a71b7d977ef4c5bdb66ab
-
SHA256
b20bdd03ad605edafccbed9cbf281d1fd370116dd07e335fc2f428e9efb2863b
-
SHA512
a26600e8233e90034a3a731246bdc634bc30478ea995c37317ef2e8139200f09446c4b78b500ffec5d7a84045790d0e80d20e4ba58cf28f0e4358f80e1db3af0
Behavioral task
behavioral1
Sample
svchost.exe
Resource
win7-20220718-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
secureyourdataarea1.duckdns.org:56390
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
svchost.exe
-
install_folder
%AppData%
Targets
-
-
Target
svchost.exe
-
Size
479KB
-
MD5
4c6b01344809054252095695fe24aa5f
-
SHA1
d1571b19723ebb0def5a71b7d977ef4c5bdb66ab
-
SHA256
b20bdd03ad605edafccbed9cbf281d1fd370116dd07e335fc2f428e9efb2863b
-
SHA512
a26600e8233e90034a3a731246bdc634bc30478ea995c37317ef2e8139200f09446c4b78b500ffec5d7a84045790d0e80d20e4ba58cf28f0e4358f80e1db3af0
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Async RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-