General
- Target: JHGSD37623.exe
- Size: 537KB
- Sample: 221212-pllvsaea7s
- MD5: 43f232536b413ebf169141944069ae77
- SHA1: 0efc90691d45072ddd595cc4c2258e2f4bea42de
- SHA256: a227c96af593108664720742c60c200d370094fb1c2acf8ff5516611917f2c64
- SHA512: 3adb48ae6dcdfbea2ac3bea9439e1d5d44884a3a5d5f3ac31ff9ad7a437f8a877a4ca8a1eda9213d4bced7e5c1181a0197aa957d422620a83fbbc745b0f470f6
- SSDEEP: 12288:g4lThwQGIQilGzWTifG1g6eUtEsx1P5W1Zrr004mTbtoMA:RlTOFq7TifGG66sv5W1Zrndbt
Behavioral task: behavioral1
- Sample: JHGSD37623.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: JHGSD37623.exe
- Resource: win10v2004-20220901-en
Malware Config

Extracted: asyncrat
- Version: 0.5.7B
- Botnet: System Guard Runtime
- C2: 85.105.88.221:2531
- Mutex: System Guard Runtime
- delay: 3
- install: false
- install_file: System Guard Runtime
- install_folder: %AppData%

Extracted: asyncrat
- Version: 0.5.7B
- Botnet: DefenderSmartScren
- C2: 217.64.31.3:8437
- Mutex: DefenderSmartScren
- delay: 3
- install: false
- install_file: SecurityHealtheurvice.exe
- install_folder: %AppData%
Targets

Target: JHGSD37623.exe (537KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Adds Run key to start application
- Suspicious use of SetThreadContext