General

Target: a6ee35a6f6df35f07f410aa318e26b4f48125c13383d0a57af1eb188378334e9
Size: 5KB
Sample: 230121-hg74wscf2z
MD5: 51a17f574cbbcd25376f6c362981ff5b
SHA1: a972014ec577230af4a7d1f79012b8a3e5b1bc81
SHA256: a6ee35a6f6df35f07f410aa318e26b4f48125c13383d0a57af1eb188378334e9
SHA512: 8bb9569242c9066c3cdec62d3e0e9b12f84f52712cdc13d3e15544e439dad0a4e4cb45852f32655b203ae953e385f06415f8a566e7281cf60dc0eb66e800e0ad
SSDEEP: 96:Vmm+79yWL1bhyc9g1wtwCdvk+Zpe86/3S+YYKd3ojo9Xrl:xI9yWL1bhycnu2vkWA86/31Kdz

Static task: static1
Behavioral task: behavioral1
Sample: a6ee35a6f6df35f07f410aa318e26b4f48125c13383d0a57af1eb188378334e9.exe
Resource: win10v2004-20220812-en

Malware Config (extracted)

Family: asyncrat
Version: 0.5.7B
Botnet: System Guard Runtime
C2: 85.105.88.221:2531
Mutex: System Guard Runtime
Attributes:
- delay: 3
- install: false
- install_file: System Guard Runtime
- install_folder: %AppData%
Targets

Target: a6ee35a6f6df35f07f410aa318e26b4f48125c13383d0a57af1eb188378334e9
Score: 10/10

Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Adds Run key to start application
- Suspicious use of SetThreadContext