General
-
Target
DFDS4.exe
-
Size
6KB
-
Sample
221206-hqx1aage5z
-
MD5
aacae33f1697d56d6ebbe91f49426380
-
SHA1
043d947a5ba9db57da8804ee1b3db6411c36a317
-
SHA256
e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081
-
SHA512
a150a3f35b00e7553d5aabb6e524cd0770d10714cd255665f4355f9922b91d400d2d2c0c276b18dba2bd999da210a4538754da9f38b819d2a2b3c947a75f6c20
-
SSDEEP
192:3m1I9XX1FrDl2ND2tLNtUq256XvW4NRcWedV:KI9Xl32NKNt/jvW4NRcW2V
Static task
static1
Behavioral task
behavioral1
Sample
DFDS4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
DFDS4.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
-
delay
3
-
install
false
-
install_file
System Guard Runtime
-
install_folder
%AppData%
Targets
-
-
Target
DFDS4.exe
-
Size
6KB
-
MD5
aacae33f1697d56d6ebbe91f49426380
-
SHA1
043d947a5ba9db57da8804ee1b3db6411c36a317
-
SHA256
e03373744068eb32bc09755df8ff0f111f93a47d94a9cca7513adac83a92d081
-
SHA512
a150a3f35b00e7553d5aabb6e524cd0770d10714cd255665f4355f9922b91d400d2d2c0c276b18dba2bd999da210a4538754da9f38b819d2a2b3c947a75f6c20
-
SSDEEP
192:3m1I9XX1FrDl2ND2tLNtUq256XvW4NRcWedV:KI9Xl32NKNt/jvW4NRcW2V
Score10/10-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-