General
- Target: 80b5367dce5fa3438971148c591192bb.exe
- Size: 5KB
- Sample: 221227-larp4sef32
- MD5: 80b5367dce5fa3438971148c591192bb
- SHA1: e64e614bdc92464d237706a1ec8f16c4d030771a
- SHA256: 0de5d8b27608374949ef0271695ecab50c3b8384cfd875e2679b4a7a1772ac03
- SHA512: 0ec3553f437de1de9a3fc04013626cb3dc55e33ecdd26480383782f4b40c36119b985663a190c2ebdbf021b0252d27108a8c9a08df8adcd88153e3efbe5df1f3
- SSDEEP: 96:gf53TE79fkCFHGHtZsfvk+JCAYBsRvk+JCnSvFd3ojXLrl:O53O9fPFmHryvkUY6vkdaFd6
Static task
- static1
Behavioral task
- behavioral1: Sample 80b5367dce5fa3438971148c591192bb.exe, Resource win7-20220901-en
Behavioral task
- behavioral2: Sample 80b5367dce5fa3438971148c591192bb.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
- asyncrat
- 0.5.7B
- DefenderSmartScren
- 217.64.31.3:8437
- DefenderSmartScren
- delay: 3
- install: false
- install_file: SecurityHealtheurvice.exe
- install_folder: %AppData%
Targets
- Target: 80b5367dce5fa3438971148c591192bb.exe
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext