General
-
Target
Discord Annocument Botnls..scr
-
Size
658KB
-
Sample
221202-fv3p8aff89
-
MD5
1ab8dbca5e2bba39723f00907d266de7
-
SHA1
729cb808637568f20ac886b3fac5f3cf5ff01dee
-
SHA256
c6dda31fa6cb4ce140f62c9ce604672fa4a9ba5d1792f2d77f3cfcb43b3227ac
-
SHA512
d1a31848eb9b683793afd36031ef8078ff962c2526272782cf2fca8db11afb71643a46b9ad6bce3ba8dba1b638672205726f6e96c7dd3e887228a2368ec08081
-
SSDEEP
12288:3oSO5i2eVUIvybKcEz4MM7S9HdKINesX7j6p9PI8GS0oN2:3ouTVUIvtH4H7aLeO23gRoY
Static task
static1
Behavioral task
behavioral1
Sample
Discord Annocument Botnls..scr
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
-
delay
3
-
install
false
-
install_file
System Guard Runtime
-
install_folder
%AppData%
Targets
-
-
Target
Discord Annocument Botnls..scr
-
Size
658KB
-
MD5
1ab8dbca5e2bba39723f00907d266de7
-
SHA1
729cb808637568f20ac886b3fac5f3cf5ff01dee
-
SHA256
c6dda31fa6cb4ce140f62c9ce604672fa4a9ba5d1792f2d77f3cfcb43b3227ac
-
SHA512
d1a31848eb9b683793afd36031ef8078ff962c2526272782cf2fca8db11afb71643a46b9ad6bce3ba8dba1b638672205726f6e96c7dd3e887228a2368ec08081
-
SSDEEP
12288:3oSO5i2eVUIvybKcEz4MM7S9HdKINesX7j6p9PI8GS0oN2:3ouTVUIvtH4H7aLeO23gRoY
Score10/10-
Async RAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-