General

Target: 8d74b7efbc5925bc698aaedf1765b0db6f229c26c864a1f455b31799d843da86
Size: 6KB
Sample: 221116-k8rmbsdh4y
MD5: 0aaff59f3c6e21984d6ae068102ad15b
SHA1: a319da1286a95dff4c9ce5873e27e6e993e7695a
SHA256: 8d74b7efbc5925bc698aaedf1765b0db6f229c26c864a1f455b31799d843da86
SHA512: e0535b565f30b8830ff6f904e59fe10b5863545c506d574d2a79c9f2dabdc5684407cd3d66925710ce3d062d3f54c6ed85f8ba9431c59dab331625d40d99513e
SSDEEP: 96:a079RkCF/FnBUq+fIqtHNtUq0fId87t26yEoV76yvd3ojAOrl:H9RPFNBUq+f5VNtUq0fj7fyLGyvdc
Static task: static1
Behavioral task: behavioral1
Sample: 8d74b7efbc5925bc698aaedf1765b0db6f229c26c864a1f455b31799d843da86.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted:
  Family: asyncrat
  Version: 0.5.7B
  System Guard Runtime
  C2: 85.105.88.221:2531
  System Guard Runtime
  delay: 3
  install: false
  install_file: System Guard Runtime
  install_folder: %AppData%
Targets

Target: 8d74b7efbc5925bc698aaedf1765b0db6f229c26c864a1f455b31799d843da86
Score: 10/10

Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext