General
Target: 599e17a85afe5abfc5e7f0210a5d76241bc5304d4ff1fd6f5376bd2aa859a3c6
Size: 6KB
Sample: 221205-g6l3aahc9v
MD5: 224ad38879a55ecc379737225d02b85c
SHA1: 260cfe1499c16b381698a462f0997b105add2e9d
SHA256: 599e17a85afe5abfc5e7f0210a5d76241bc5304d4ff1fd6f5376bd2aa859a3c6
SHA512: fd781fee26055eeb4eed26058146a5423684543099313c8d6f6c4f157e6484c89cc2d7180f5b82555ce5eb194e595bbb5ce4da8f3e0eba7b1bca27a2a66ce335
SSDEEP: 96:I8J79BlBCF5NTcofNVIIKtgNtUqpkK77mc359ed3ojXrl:z9BuFDNNVI5ONtUqpkK77Rzeda

Static task: static1
Behavioral task: behavioral1
- Sample: 599e17a85afe5abfc5e7f0210a5d76241bc5304d4ff1fd6f5376bd2aa859a3c6.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 599e17a85afe5abfc5e7f0210a5d76241bc5304d4ff1fd6f5376bd2aa859a3c6.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: DefenderSmartScren
C2: 217.64.31.3:8437
Mutex: DefenderSmartScren
Attributes:
- delay: 3
- install: false
- install_file: SecurityHealtheurvice.exe
- install_folder: %AppData%
Targets
Target: 599e17a85afe5abfc5e7f0210a5d76241bc5304d4ff1fd6f5376bd2aa859a3c6 (6KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
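The extracted config above is directly usable for hunting, with two caveats a practitioner should keep in mind. First, install is false, so this build does not copy itself to %AppData%\SecurityHealtheurvice.exe; the install_file name is still a useful indicator (it is a misspelled imitation of the legitimate Windows SecurityHealthService.exe, just as the mutex "DefenderSmartScren" imitates Defender SmartScreen), but a detection must not require it. Second, the 6KB size together with "Downloads MZ/PE file" and "Executes dropped EXE" points to a small downloader stage, so the process that eventually connects to 217.64.31.3:8437 may not be the submitted file. The following script is an added example, not code from the report or from the sandbox vendor: it turns the config into indicators and runs them over constructed Sysmon-like telemetry records (the records, the lookalike comparison target SecurityHealthService.exe, and the reading of delay as seconds before the first beacon are assumptions). The "Checks computer location settings" signature is a registry read, which Sysmon does not log, so it is left to sandbox or EDR API telemetry and is not matched here.

```python
"""
Added example (not part of the sandbox report): derive indicators from the
extracted AsyncRAT config and run them over constructed telemetry records.

Assumptions (also marked in the code): the event records are constructed for
illustration; SecurityHealthService.exe is the analyst's guess at the binary
the install name imitates; `delay` is read as seconds before the first beacon.
"""
from __future__ import annotations

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "c2": "217.64.31.3:8437",
    "mutex": "DefenderSmartScren",
    "delay": 3,
    "install": False,
    "install_file": "SecurityHealtheurvice.exe",
    "install_folder": "%AppData%",
}

# Legitimate binary the install name appears to imitate (assumption).
LOOKALIKE_TARGET = "SecurityHealthService.exe"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value against a system binary name flags a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def build_indicators(cfg: dict) -> dict:
    """Turn the extracted config into matchable indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "install_file": cfg["install_file"].lower(),
        # install=false: this build does not copy itself to install_folder, so a
        # process running under that name is supporting evidence, not a requirement.
        "persistence_expected": bool(cfg["install"]),
        "beacon_delay_s": cfg["delay"],  # assumed unit: seconds before first beacon
    }


def basename(win_path: str) -> str:
    """Last path component of a Windows path, lower-cased for comparison."""
    return win_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan(events: list[dict], ind: dict) -> list[tuple[int, str]]:
    """Return (event index, reason) for every event that matches an indicator."""
    hits = []
    target = LOOKALIKE_TARGET.lower()
    for i, ev in enumerate(events):
        if ev["type"] == "network":
            if ev["dst_ip"] == ind["c2_host"] and ev["dst_port"] == ind["c2_port"]:
                hits.append((i, "connection to configured C2"))
        elif ev["type"] == "process":
            name = basename(ev["image"])
            if name == ind["install_file"]:
                hits.append((i, "process image matches install_file"))
            # Catch other near-miss spellings, but never the genuine binary itself.
            elif name != target and edit_distance(name, target) <= 3:
                hits.append((i, "process image is a lookalike of " + LOOKALIKE_TARGET))
        elif ev["type"] == "mutex":
            if ev["name"].lower() == ind["mutex"]:
                hits.append((i, "mutex matches config"))
    return hits


# Constructed telemetry in a Sysmon-like shape; not taken from the report.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\SecurityHealthService.exe"},
    {"type": "process", "image": r"C:\Users\bob\AppData\Roaming\SecurityHealtheurvice.exe"},
    {"type": "mutex", "name": "DefenderSmartScren"},
    {"type": "network", "dst_ip": "8.8.8.8", "dst_port": 53},
    {"type": "network", "dst_ip": "217.64.31.3", "dst_port": 8437},
    {"type": "process", "image": r"C:\Users\bob\AppData\Roaming\SecurityHealthSrvice.exe"},
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_EVENTS, build_indicators(CONFIG)):
        print(idx, why, SAMPLE_EVENTS[idx])
```

The genuine SecurityHealthService.exe in System32 produces no hit, while the configured name, a further misspelling, the mutex and the C2 connection each do; in a real deployment the C2 and mutex matches carry the weight, since the install name only appears if the operator later rebuilds with install enabled.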