General
Target: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Size: 87KB
Sample: 230103-f3wlwaaa35
MD5: 3c6ccbfe897915f0fe6bc34d193bf4a0
SHA1: 6fe3161ee66e317889066a302474e511220939e7
SHA256: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
SHA512: e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
SSDEEP: 1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Static task: static1
Behavioral task: behavioral1
Sample: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
Targets
Target: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Score: 10/10
Async RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext