General
- Target: 7880d555505f961cfc6d78902bd98e0ac9f08310efaf2d671a3a721521ff5bc6
- Size: 5KB
- Sample: 230119-hw4d9afc74
- MD5: 6fa1280cde72295b189cfe1242f5734c
- SHA1: fcaaf4c4b56b673eb5ed15e53749ec8d6e9b4d7d
- SHA256: 7880d555505f961cfc6d78902bd98e0ac9f08310efaf2d671a3a721521ff5bc6
- SHA512: 0aeaa7604157a0fda3950ce313d5573e1f08d31dc80349dcc7fd49a78d1b498fbfd040597482df960848d504390f79b4b96e92b34b74d68f7efbfc7319348074
- SSDEEP: 96:rrL79o0ll3VI2tqvDNXlXo080Jk/IzcvHd3ojwrl:rr9D/33QNXlr80Jk/IwHd7
Static task: static1
Behavioral task: behavioral1
- Sample: 7880d555505f961cfc6d78902bd98e0ac9f08310efaf2d671a3a721521ff5bc6.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- asyncrat
- 0.5.7B
- System Guard Runtime
- 85.105.88.221:2531
- System Guard Runtime
- delay: 3
- install: false
- install_file: System Guard Runtime
- install_folder: %AppData%
Targets
- Target: 7880d555505f961cfc6d78902bd98e0ac9f08310efaf2d671a3a721521ff5bc6
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext