General
-
Target
ad827a54acc3c6b9fed2a3e344a909650a961820f43abef72530ca1cb97ed6e3
-
Size
5KB
-
Sample
230119-hw4p1sfc82
-
MD5
d34920799acb9d9da6dd5ca301211938
-
SHA1
2d0ae1ee5678926b59768eb091d763b92ee13fa4
-
SHA256
ad827a54acc3c6b9fed2a3e344a909650a961820f43abef72530ca1cb97ed6e3
-
SHA512
520b4477ae63adb18cbf94f3d57527730a6193f6594ddbfbc1fa722969b43241ee4bb17ea23797719eef1101b22cc5809bbbe7638a222758556e66d51ad9bfa3
-
SSDEEP
96:Myo79uSQCFs61Qj1PNoH8t78Y/KBSvFd3ojzWrl:w9LTFRK1NoH8J8Y/K4FdD
Static task
static1
Behavioral task
behavioral1
Sample
ad827a54acc3c6b9fed2a3e344a909650a961820f43abef72530ca1cb97ed6e3.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
-
delay
3
-
install
false
-
install_file
System Guard Runtime
-
install_folder
%AppData%
Targets
Target
ad827a54acc3c6b9fed2a3e344a909650a961820f43abef72530ca1cb97ed6e3
Score
10/10
-
Async RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-