General
- Target: 1.exe
- Size: 799KB
- Sample: 220925-s2p4xsgdgq
- MD5: 98d7999986d63fbd914bddc3d7b7ecf9
- SHA1: 7c528fb3cc427791482f7a84923a21621cfb9675
- SHA256: 144a026bb63a29b36a3437094c4f53cf1cb135edcbe15ab06e35fb8759129bfc
- SHA512: 13bb42bf2078b3407af5786e9c1d057a306cba561519f905e4ba3fa1acaf8687551c70941775daa89394384808b6524659cda354a715e5ab3c3cba558c065616
- SSDEEP: 12288:v41SrH22qla5w/yXbxixFcRMFQIkeNCSo9mbX8:v0SrH0MW/IbxiYCQIkeNCSBQ
Static task: static1
Behavioral task: behavioral1
  Sample: 1.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 1.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: asyncrat 0.5.7B
Windows System Guard Runtime
217.64.31.3:8808
217.64.31.3:8437
Windows System Guard Runtime
- delay: 3
- install: false
- install_file: Windows Session Manager
- install_folder: %AppData%
Targets
- Target: 1.exe
- Size: 799KB
- Detect PureCrypter loader
- Modifies WinLogon for persistence
- PureCrypter
  PureCrypter is a loader intended for downloading and executing additional payloads.
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext