General
Target: 1.exe
Size: 5KB
Sample: 221226-zw52hsdg66
MD5: 0afa034595bdcf7b9b990b083910f7a5
SHA1: 9c9d01227016d43458c7567612a64f88df84c787
SHA256: c6dd505d02069b6b0452f51c165db53fbb6b80b4b48de19c083ab22ef98b2158
SHA512: 4753057e45f2f03f9cab56f3b7864d2d3455f2549ebb7e6c9fcc8680f8a9e38568026e72694cebf288f3e63fc180b08e5d0fad0f3b1a74e5dc88612d4db6544a
SSDEEP: 96:RF79kEll3VI29zS6hENISXX8z/n3xuscvHd3ojbrl:79kE/332NISH8z/n3QXHd0
Static task: static1

Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 1.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: asyncrat 0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
Targets
Target: 1.exe
Size: 5KB
MD5: 0afa034595bdcf7b9b990b083910f7a5
SHA1: 9c9d01227016d43458c7567612a64f88df84c787
SHA256: c6dd505d02069b6b0452f51c165db53fbb6b80b4b48de19c083ab22ef98b2158
SHA512: 4753057e45f2f03f9cab56f3b7864d2d3455f2549ebb7e6c9fcc8680f8a9e38568026e72694cebf288f3e63fc180b08e5d0fad0f3b1a74e5dc88612d4db6544a
SSDEEP: 96:RF79kEll3VI29zS6hENISXX8z/n3xuscvHd3ojbrl:79kE/332NISH8z/n3QXHd0
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext