General
-
Target
SecuriteInfo.com.Trojan.InjectNET.14.26458.24870.exe
-
Size
305KB
-
Sample
221107-14259sbhf5
-
MD5
b28a3a496bb68f9c4308ee7d888e7a27
-
SHA1
7cca1a10272b84abf7da155f913a301533ffd2c4
-
SHA256
985eb402fa66d0ab3594346f7fc61acc0cf0ee8449a5e66d387b9edfaed7e0d9
-
SHA512
e8b4e5f831a1db67da48175a4a5b22ec7adbe345794979b52fb90ac74c51bcaa8ce6cf80ba8518caa9b3e2bfb330e95d941075bb728bdafefa6c6b54c13847a6
-
SSDEEP
6144:BoXVkyjpPglDUzV5SZ7KVCgH6kZSPEVRyEPZ3:WlwlDUoqHY4RyKZ3
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.InjectNET.14.26458.24870.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.InjectNET.14.26458.24870.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
asyncrat
0.5.7B
SecurityHealthSeurvice
217.64.31.3:8437
SecurityHealthSeurvice
-
delay
3
-
install
false
-
install_file
SecurityHealthSeurvice.exe
-
install_folder
%AppData%
Extracted
asyncrat
0.5.7B
FileManager
20.107.115.162:50239
FileManager
-
delay
3
-
install
false
-
install_file
FileManager
-
install_folder
%AppData%
Targets
-
-
Target
SecuriteInfo.com.Trojan.InjectNET.14.26458.24870.exe
-
Size
305KB
-
MD5
b28a3a496bb68f9c4308ee7d888e7a27
-
SHA1
7cca1a10272b84abf7da155f913a301533ffd2c4
-
SHA256
985eb402fa66d0ab3594346f7fc61acc0cf0ee8449a5e66d387b9edfaed7e0d9
-
SHA512
e8b4e5f831a1db67da48175a4a5b22ec7adbe345794979b52fb90ac74c51bcaa8ce6cf80ba8518caa9b3e2bfb330e95d941075bb728bdafefa6c6b54c13847a6
-
SSDEEP
6144:BoXVkyjpPglDUzV5SZ7KVCgH6kZSPEVRyEPZ3:WlwlDUoqHY4RyKZ3
-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-