General
- Target: 797a96f11dbaf5a64bde51be8ae1b0d0.bin
- Size: 2KB
- Sample: 230116-zwlmwahd6v
- MD5: eff08713ef97128eff7c44459245f9ba
- SHA1: f5223e5438651f0d08ab8941a830edbaa4835918
- SHA256: a135d26f1276f808a6ac98758dcb68c098d525e5bdd26cd3f5c6c92157866a91
- SHA512: 7a910f62fe7522c5510bab274fa20ad43c066ab411b483fdb93a612ef7f52bd1883a271115bd81a7f350a7a0d9e9bf5c32fa87dd6b6e2342b766229909b74a02
Static task: static1

Behavioral task: behavioral1
- Sample: 18bd70f00050748d95afc8186bb8d4eca32f6933eb5fed644ed54ff8a01754e9.exe
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: 18bd70f00050748d95afc8186bb8d4eca32f6933eb5fed644ed54ff8a01754e9.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
DefenderSmartScren
217.64.31.3:8437
DefenderSmartScren
- delay: 3
- install: false
- install_file: SecurityHealtheurvice.exe
- install_folder: %AppData%
Targets
- Target: 18bd70f00050748d95afc8186bb8d4eca32f6933eb5fed644ed54ff8a01754e9.exe
- Size: 5KB
- MD5: 797a96f11dbaf5a64bde51be8ae1b0d0
- SHA1: 04830604fa3e508ce5c4119831f89e9353d2ae06
- SHA256: 18bd70f00050748d95afc8186bb8d4eca32f6933eb5fed644ed54ff8a01754e9
- SHA512: beacc195efa95cc8abc7f007a4dce08af5e7a68d3e76be38c2736b9161af92bdcc43a3497562074e9ff32cc1b759ad3ed99dc17e418a3ff4d8b0fdc4c8d5a617
- SSDEEP: 96:s79kkCFmOg55/NjKtu8T/WPSvFd3ojmrl:a9kPFZgPNjK88T/WiFdN

Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext