General

Target: d7ec34f5ac76d5d3d55f952c6bca7bef911d9f0910ac3579116c51842ac4e65d
Size: 5KB
Sample: 230101-hzzv8see4v
MD5: 85ad8c8be29f8ec83a34585e05d45d11
SHA1: 670bfc831a82935e613cf2e0ce95374d3c52e5bf
SHA256: d7ec34f5ac76d5d3d55f952c6bca7bef911d9f0910ac3579116c51842ac4e65d
SHA512: 0918dfbaea95655a81c67c729bca574b27ded41700caa99d0606965c56d473d606286fe70183072f019177b9e3492d45d55b94f5b09d11b7d7885e8c3c667bc5
SSDEEP: 96:f79ill3VI2FwQtzuvk+PeAYKOsDvk+PlzcvHd3ojLrl:j9i/33KQcvkiYKZvkowHd0
Static task: static1
Behavioral task: behavioral1
Sample: d7ec34f5ac76d5d3d55f952c6bca7bef911d9f0910ac3579116c51842ac4e65d.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted: asyncrat
Version: 0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
Targets

Target: d7ec34f5ac76d5d3d55f952c6bca7bef911d9f0910ac3579116c51842ac4e65d
Size: 5KB
MD5: 85ad8c8be29f8ec83a34585e05d45d11
SHA1: 670bfc831a82935e613cf2e0ce95374d3c52e5bf
SHA256: d7ec34f5ac76d5d3d55f952c6bca7bef911d9f0910ac3579116c51842ac4e65d
SHA512: 0918dfbaea95655a81c67c729bca574b27ded41700caa99d0606965c56d473d606286fe70183072f019177b9e3492d45d55b94f5b09d11b7d7885e8c3c667bc5
SSDEEP: 96:f79ill3VI2FwQtzuvk+PeAYKOsDvk+PlzcvHd3ojLrl:j9i/33KQcvkiYKZvkowHd0
Score: 10/10

- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext