General
Target: 4.exe
Size: 5KB
Sample: 221224-ydjj5aae44
MD5: 808371d24bd7ce681e45a4893a0c2db8
SHA1: 1463dbd8ac03f10a8a42033c46a9ccd02e5165f4
SHA256: 05012029f292958279ee1e9a71f5760a438b2524d40dec747970a304e526377e
SHA512: 896a5e1e32d8e986aef6eb50f78cc12173b3d4cc18a69d603b58a9fdb18783e1a59970649c0cb10beb67db0237f0b2e966f21e493288c2ffa46edf5fd85de05f
SSDEEP: 96:WTj79bKCFmOHjtAwhvk+aKsJAYfsvvk+a20Lvud3ojbrl:U/9bRFZHjfhvk+9Y6vkC4ud6
Static task: static1
Behavioral task: behavioral1
  Sample: 4.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 4.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
DefenderSmartScren
217.64.31.3:8437
DefenderSmartScren
delay: 3
install: false
install_file: SecurityHealtheurvice.exe
install_folder: %AppData%
Targets
Target: 4.exe
Size: 5KB
MD5: 808371d24bd7ce681e45a4893a0c2db8
SHA1: 1463dbd8ac03f10a8a42033c46a9ccd02e5165f4
SHA256: 05012029f292958279ee1e9a71f5760a438b2524d40dec747970a304e526377e
SHA512: 896a5e1e32d8e986aef6eb50f78cc12173b3d4cc18a69d603b58a9fdb18783e1a59970649c0cb10beb67db0237f0b2e966f21e493288c2ffa46edf5fd85de05f
SSDEEP: 96:WTj79bKCFmOHjtAwhvk+aKsJAYfsvvk+a20Lvud3ojbrl:U/9bRFZHjfhvk+9Y6vkC4ud6
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext