General
Target: 2d46f4b1468f643541f7e92c90374e720bde3c7fe28480404292e621373a9f71
Size: 5KB
Sample: 221227-h4gv8ahf5w
MD5: 9834c42388182be07380f7cc078607c2
SHA1: c2953ef169d0abe1815298064aba8415588e3419
SHA256: 2d46f4b1468f643541f7e92c90374e720bde3c7fe28480404292e621373a9f71
SHA512: feff00f3cc2ded69a135d982266dab656d89556991af0ef5fd8902817bbf91443b4cdc2f662f086f077e5305f714abeb043a2c9f7334db5bf18cd33c05eb091a
SSDEEP: 96:bCfdS79OWL1bhycGzw8cL39UqDS1tBNtUqPSJvvqd3ojwrl:0O9OWL1bhycQcRUqDszNtUqPCqdP
Static task: static1
Behavioral task: behavioral1
Sample: 2d46f4b1468f643541f7e92c90374e720bde3c7fe28480404292e621373a9f71.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: System Guard Runtime
C2: 85.105.88.221:2531
Mutex: System Guard Runtime
Attributes:
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
Targets
Target: 2d46f4b1468f643541f7e92c90374e720bde3c7fe28480404292e621373a9f71
Score: 10/10
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Suspicious use of SetThreadContext