General
Target: SecuriteInfo.com.Variant.Marsilia.2083.7256.16511.exe
Size: 6KB
Sample: 221217-lnrl9sbd4y
MD5: 15b3b3645fee0733a659ef1b014abfc8
SHA1: fc93b58d612838b82e0935768165ec8417118dc6
SHA256: 1114865b74ade384252ae949c4cc358114115915a12b642bdbab297f52864191
SHA512: 4e661d5032f40f967787743caa761e12cbb67eee822359c20a0f1bf0cf1ca57a136a0b5054802e168565dcf779c9b308174cb90d4daa873c7e7331334b3a3ebf
SSDEEP: 96:to79BlVCFWZJnNp5Nv8l/5k7Kxd3ojarl:t+9BKFW3Np5d8l/5pxd7

Static task
static1

Behavioral task
behavioral1
Sample: SecuriteInfo.com.Variant.Marsilia.2083.7256.16511.exe
Resource: win7-20221111-en

Behavioral task
behavioral2
Sample: SecuriteInfo.com.Variant.Marsilia.2083.7256.16511.exe
Resource: win10v2004-20221111-en

Malware Config
Extracted
asyncrat
0.5.7B
DefenderSmartScren
217.64.31.3:8437
DefenderSmartScren
delay: 3
install: false
install_file: SecurityHealtheurvice.exe
install_folder: %AppData%

Targets
Target: SecuriteInfo.com.Variant.Marsilia.2083.7256.16511.exe
Size: 6KB
MD5: 15b3b3645fee0733a659ef1b014abfc8
SHA1: fc93b58d612838b82e0935768165ec8417118dc6
SHA256: 1114865b74ade384252ae949c4cc358114115915a12b642bdbab297f52864191
SHA512: 4e661d5032f40f967787743caa761e12cbb67eee822359c20a0f1bf0cf1ca57a136a0b5054802e168565dcf779c9b308174cb90d4daa873c7e7331334b3a3ebf
SSDEEP: 96:to79BlVCFWZJnNp5Nv8l/5k7Kxd3ojarl:t+9BKFW3Np5d8l/5pxd7
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext