General
Target: 14e809a6ceaa08f85305d9944a7122898772fe77d73b7d5f557f2f08a3d71800
Size: 5KB
Sample: 230101-hzzkgabc72
MD5: 70b303ba1ea0d9b0e42d7d0a70fc5d67
SHA1: d9459c78ed2f8ba8419da111f7e38dddbb051e86
SHA256: 14e809a6ceaa08f85305d9944a7122898772fe77d73b7d5f557f2f08a3d71800
SHA512: 053464b02dd44a27102be12bce20f0722da817dbea5c1ae533eb81d8e54fb1e14c6d06c13fcf051b4f3f02a93633f63737466460346e6fbc738291859986ffc8
SSDEEP: 96:nOTVR79YSCFYqr+UqDoNrtuNtUqSoQIntvngd3ojsKrl:s9YZFL+UqDGrQNtUqSVugdry

Static task: static1
Behavioral task: behavioral1
Sample: 14e809a6ceaa08f85305d9944a7122898772fe77d73b7d5f557f2f08a3d71800.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet ID: System Guard Runtime
C2: 85.105.88.221:2531
Mutex: System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%

Notes on the config: the two unlabeled "System Guard Runtime" values on either side of the C2 address are, in the extractor's usual field order, the botnet ID and the mutex name; the same string is reused as install_file, so a mutex, a Run-key value name and a file under %AppData% all carrying "System Guard Runtime" are the host-side artifacts to hunt for. install is false, so AsyncRAT's own installer routine (copy to %AppData%\System Guard Runtime plus a Run-key entry) is disabled in this build; the Run key and dropped EXE recorded in the behavioral task are therefore not produced by this setting and most plausibly belong to the downloaded second stage noted under Signatures. delay is the sleep in seconds before the client starts, which matters for sandbox run length.
Targets
Target: 14e809a6ceaa08f85305d9944a7122898772fe77d73b7d5f557f2f08a3d71800 (size and hashes are identical to the General section above)
Score: 10/10

Signatures
- Async RAT payload: the sample matches the AsyncRAT family signature; the extracted config above identifies version 0.5.7B.
- Blocklisted process makes network request.
- Downloads MZ/PE file: the 5KB sample is too small to carry the RAT itself and retrieves a PE at runtime.
- Executes dropped EXE: the downloaded PE is written to disk and launched.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. This is a registry read, which Sysmon does not record (it logs only value set, create and delete), so this behavior is visible in the sandbox API trace but not in typical endpoint telemetry.
- Adds Run key to start application: persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run.
- Suspicious use of SetThreadContext: a primitive typically seen in process hollowing or thread hijacking, where the entry point of a suspended process or thread is redirected to injected code.
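To turn the extracted config and the observed behaviors into something a SOC can run, the script below matches the report's indicators (C2 address and port, the "System Guard Runtime" install file and Run-key value, the sample's SHA256) against Sysmon-style events. This is an added example, not part of the sandbox report: the event records are constructed to resemble exported Sysmon Event ID 1, 3, 11 and 13 records, the field names follow Sysmon's, and the paths, SID and the benign Firefox connection are made up for the demo.

```python
"""Match this report's AsyncRAT indicators against Sysmon-style events.

Added example, not from the sandbox report. The EVENTS list is constructed
test data shaped like Sysmon Event ID 1 (process create), 3 (network
connection), 11 (file create) and 13 (registry value set) after JSON export.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report: extracted config and sample hash.
C2_HOST = "85.105.88.221"
C2_PORT = 2531
INSTALL_FILE = "System Guard Runtime"   # botnet ID, mutex and install_file
SAMPLE_SHA256 = "14e809a6ceaa08f85305d9944a7122898772fe77d73b7d5f557f2f08a3d71800"

# Run-key path fragment (HKLM or HKU, any hive prefix) and %AppData% on disk.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE)


@dataclass
class Hit:
    rule: str
    event_id: int
    detail: str


def check_event(ev: dict) -> list[Hit]:
    """Return every indicator the single event matches (possibly none)."""
    hits: list[Hit] = []
    eid = ev.get("EventID")
    if eid == 1 and SAMPLE_SHA256.upper() in ev.get("Hashes", "").upper():
        hits.append(Hit("sample_hash_seen", eid, ev.get("Image", "")))
    if (eid == 3 and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT):
        hits.append(Hit("asyncrat_c2_connection", eid,
                        f"{ev.get('Image', '')} -> {C2_HOST}:{C2_PORT}"))
    if eid == 11 and INSTALL_FILE.lower() in ev.get("TargetFilename", "").lower():
        hits.append(Hit("install_file_dropped", eid, ev["TargetFilename"]))
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        details = ev.get("Details", "")
        # Flag the exact install name, or any Run entry pointing into %AppData%.
        if INSTALL_FILE.lower() in details.lower() or APPDATA_RE.search(details):
            hits.append(Hit("run_key_to_appdata", eid, details))
    return hits


def scan(events: list[dict]) -> list[Hit]:
    return [h for ev in events for h in check_event(ev)]


def rule_names(events: list[dict]) -> list[str]:
    return sorted({h.rule for h in scan(events)})


# Constructed sample telemetry (not real logs); user, SID and paths are invented.
SAMPLE_IMG = r"C:\Users\user\Desktop\sample.exe"
EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMG,
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper() + ",MD5=70B303BA1EA0D9B0E42D7D0A70FC5D67"},
    {"EventID": 3, "Image": SAMPLE_IMG, "Protocol": "tcp",
     "DestinationIp": "85.105.88.221", "DestinationPort": "2531"},
    {"EventID": 11, "Image": SAMPLE_IMG,
     "TargetFilename": r"C:\Users\user\AppData\Roaming\System Guard Runtime.exe"},
    {"EventID": 13, "Image": SAMPLE_IMG,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\System Guard Runtime",
     "Details": r'"C:\Users\user\AppData\Roaming\System Guard Runtime.exe"'},
    # Benign control record: ordinary browser traffic, must not match.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "Protocol": "tcp", "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for h in scan(EVENTS):
        print(f"[{h.rule}] EventID={h.event_id}: {h.detail}")
```

The C2 match is deliberately exact on IP and port, because 85.105.88.221 is the only network indicator the report gives; widen it to the port alone only if you accept the false positives. The Run-key rule fires on any entry pointing into %AppData%\Roaming, not just the literal "System Guard Runtime" name, since AsyncRAT builds are trivially renamed. The geofence registry read and the SetThreadContext call have no Sysmon equivalent, so those two signatures need an EDR API trace or a user-mode hook rather than log matching.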