General
-
Target
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
-
Size
63KB
-
Sample
221212-v3eexsca88
-
MD5
62da5d39ea660313ec5aa241ccc1f1c7
-
SHA1
d2440072f9b7804e1c3f4392bb2405bcf161f648
-
SHA256
9e2907deec3bc3c5a673fce50df169d8d9b4b8d433a642a3dd7cbe81ef54a0c5
-
SHA512
c901f16f70aee9b2a00a278ca2e683d5441dc5626244da33dcca82aac0859556e69ab5370971bedbd2e6e02a185e3a98254572e63e994e88ece0889548f24faf
-
SSDEEP
1536:UbO1/YRYNVRHBS2+hkto2YLEcyKSbXarURxoAGgOQPRjm0:Ub2/Y2NV9Br+0Y4yGvfGgc0
Static task
static1
Behavioral task
behavioral1
Sample
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
-
delay
3
-
install
false
-
install_file
System Guard Runtime
-
install_folder
%AppData%
Targets
-
-
Target
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
-
Size
87KB
-
MD5
3c6ccbfe897915f0fe6bc34d193bf4a0
-
SHA1
6fe3161ee66e317889066a302474e511220939e7
-
SHA256
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
-
SHA512
e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
-
SSDEEP
1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Score
10/10
-
Async RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-