General
Target: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Size: 63KB
Sample: 230131-n5vrcshh9t
MD5: ed1ee3d0c76369d33b65f03f3ed3ab8f
SHA1: 53e87a7a712ed8b1792235692a41ab97aa21b571
SHA256: 0e19e57f2395dbc6e7126a1c6a6ba9731f7efce4acfe159427e3d0fb2306b4ff
SHA512: b805ef0cf42ebb6ebaf7b9bad814dffc8a92766e0b5a6a6a1460e403bf9bb46fbf3c4d097ec442897fd4ec5935cb150191dffd0b201575be824ab19806b100a0
SSDEEP: 1536:3bO1/YRYNVRHBS2+hkto2YLEcyKSbXarURxoAGgOQPRjmR:3b2/Y2NV9Br+0Y4yGvfGgcR
Static task: static1
Behavioral task: behavioral1
Sample: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
Targets
Target: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
Size: 87KB
MD5: 3c6ccbfe897915f0fe6bc34d193bf4a0
SHA1: 6fe3161ee66e317889066a302474e511220939e7
SHA256: 52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
SHA512: e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
SSDEEP: 1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Score: 10/10
Async RAT payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext