General
Target: SecuriteInfo.com.Variant.Marsilia.2083.6417.5596.exe
Size: 5KB
Sample: 221217-lnrl9sge44
MD5: 9f785803874e569c4309fb73dc109d37
SHA1: 6942a4e79d651d6ff8fe9e4fafa6dc48fc5c9ced
SHA256: 7e2b561323379eb18ff180c88b7381edaaaf8b6047111a1b3e2a325dcebd123a
SHA512: b69e1189d80f39e29932e8ee07d5ecc37056a04cfb0549c2d61e8dbf1fbb32040412c0da0598ea4095700365aac3d201abaf5aa3c24c3c6d282389863ece00ec
SSDEEP: 96:iC79tll3VI2vK8eu2tT+vk+zpCI80vK+/0s7DgGKed3ojgrl:iU9t/33v038vkM4I80vK+/0SAed/
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Marsilia.2083.6417.5596.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Marsilia.2083.6417.5596.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
System Guard Runtime (field not labelled in the report)
C2: 85.105.88.221:2531
System Guard Runtime (field not labelled in the report)
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
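The extracted configuration is only useful once it is turned into something a hunt can run. The block below is an added example, not part of the sandbox report or of AsyncRAT: it copies the report's config values into a dictionary, derives the C2 endpoint and the persistence path the client would use (per the open-source AsyncRAT client, install_folder joined with install_file, and only when install is true, which it is not here), and matches the C2 against constructed Sysmon-style Event ID 3 lines. The log lines, the field names and the non-C2 addresses in them are constructed for the demonstration.

```python
"""Turn the AsyncRAT configuration extracted in the report into host and
network indicators and check them against constructed log lines.
Added example; not part of the sandbox report or of AsyncRAT itself."""
import re

# Values copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "c2": ["85.105.88.221:2531"],
    "delay": 3,
    "install": False,
    "install_file": "System Guard Runtime",
    "install_folder": "%AppData%",
}


def c2_endpoints(config):
    """Split each 'host:port' C2 entry into an (ip, port) tuple."""
    endpoints = []
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        endpoints.append((host, int(port)))
    return endpoints


def expected_install_path(config):
    """Persistence path the client would drop to: <install_folder>\\<install_file>
    (assumption based on the open-source AsyncRAT client). Only when install is
    true; this sample has install=false, so None is returned rather than an
    indicator that never appears on disk."""
    if not config["install"]:
        return None
    return config["install_folder"] + "\\" + config["install_file"]


# Constructed Sysmon-style (Event ID 3, NetworkConnect) lines for demonstration.
SAMPLE_EVENTS = [
    'EventID=3 Image="C:\\Users\\u\\Downloads\\SecuriteInfo.com.Variant.Marsilia.2083.6417.5596.exe" '
    "DestinationIp=85.105.88.221 DestinationPort=2531 Protocol=tcp",
    'EventID=3 Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    "DestinationIp=93.184.216.34 DestinationPort=443 Protocol=tcp",
    'EventID=3 Image="C:\\Windows\\System32\\svchost.exe" '
    "DestinationIp=85.105.88.221 DestinationPort=80 Protocol=tcp",
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse key=value pairs; quoted values may contain spaces."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def match_c2(events, config):
    """Return (exact, ip_only): images connecting to an extracted ip:port,
    and images reaching the C2 address on some other port (a weaker hit,
    since operators move ports and one host may serve several families)."""
    targets = set(c2_endpoints(config))
    ips = {ip for ip, _ in targets}
    exact, ip_only = [], []
    for line in events:
        event = parse_event(line)
        if event.get("EventID") != "3":
            continue
        dst = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if dst in targets:
            exact.append(event["Image"])
        elif dst[0] in ips:
            ip_only.append(event["Image"])
    return exact, ip_only


if __name__ == "__main__":
    print("C2:", c2_endpoints(EXTRACTED_CONFIG))
    print("install path:", expected_install_path(EXTRACTED_CONFIG))
    print("matches:", match_c2(SAMPLE_EVENTS, EXTRACTED_CONFIG))
```

Matching on the full ip:port pair keeps the hit tied to this configuration; the ip-only bucket is kept separate so that an unrelated connection to the same host on another port is reviewed rather than auto-blocked.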
Targets
Target: SecuriteInfo.com.Variant.Marsilia.2083.6417.5596.exe
Size: 5KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.
Score: 10/10
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext (an API commonly used by process-hollowing and thread-hijacking injection to point a thread at injected code)