General
-
Target
SecuriteInfo.com.Variant.Marsilia.2083.7256.16511.exe
-
Size
6KB
-
Sample
221217-lnrl9sbd4y
-
MD5
15b3b3645fee0733a659ef1b014abfc8
-
SHA1
fc93b58d612838b82e0935768165ec8417118dc6
-
SHA256
1114865b74ade384252ae949c4cc358114115915a12b642bdbab297f52864191
-
SHA512
4e661d5032f40f967787743caa761e12cbb67eee822359c20a0f1bf0cf1ca57a136a0b5054802e168565dcf779c9b308174cb90d4daa873c7e7331334b3a3ebf
-
SSDEEP
96:to79BlVCFWZJnNp5Nv8l/5k7Kxd3ojarl:t+9BKFW3Np5d8l/5pxd7
Malware Config
Extracted
asyncrat
0.5.7B
DefenderSmartScren
217.64.31.3:8437
DefenderSmartScren
-
delay
3
-
install
false
-
install_file
SecurityHealtheurvice.exe
-
install_folder
%AppData%
Targets
-
-
Target
SecuriteInfo.com.Variant.Marsilia.2083.7256.16511.exe
-
Size
6KB
-
MD5
15b3b3645fee0733a659ef1b014abfc8
-
SHA1
fc93b58d612838b82e0935768165ec8417118dc6
-
SHA256
1114865b74ade384252ae949c4cc358114115915a12b642bdbab297f52864191
-
SHA512
4e661d5032f40f967787743caa761e12cbb67eee822359c20a0f1bf0cf1ca57a136a0b5054802e168565dcf779c9b308174cb90d4daa873c7e7331334b3a3ebf
-
SSDEEP
96:to79BlVCFWZJnNp5Nv8l/5k7Kxd3ojarl:t+9BKFW3Np5d8l/5pxd7
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-