General
-
Target
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
-
Size
63KB
-
Sample
230131-wga12sbd21
-
MD5
30a41567b09e34ff15e3e388219d8221
-
SHA1
90db122d8f475562bf3b346d0ce9c04fabd43fae
-
SHA256
c7d5e45e077163f6e426e01c0d2a5a3a37d1addeb8dd32b09088190f99049fb7
-
SHA512
e17a5d81ef6915790fb206a50788739797f2a606d81916e3a36d86fa53439683ee3ca69d1ed014f51af54afa2309a799fafbd7fedc61f9e8614061e3efdd6b83
-
SSDEEP
1536:WbO1/YRYNVRHBS2+hkto2YLEcyKSbXarURxoAGgOQPRjm+:Wb2/Y2NV9Br+0Y4yGvfGgc+
Static task
static1
Behavioral task
behavioral1
Sample
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
-
delay
3
-
install
false
-
install_file
System Guard Runtime
-
install_folder
%AppData%
Targets
-
Target
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
-
Size
87KB
-
MD5
3c6ccbfe897915f0fe6bc34d193bf4a0
-
SHA1
6fe3161ee66e317889066a302474e511220939e7
-
SHA256
52bf11364e8430f4b271ebb29e2a55451543338be5b2a34e731ede58eef04241
-
SHA512
e0bf1fc11deacb24b5d5de4bcfc522057d1ca1b4866325356b2c9a1f009c6562eee0c0e602478b3639de4beff14997d59a3b428281d9111278544fc5e3199536
-
SSDEEP
1536:Fn6gewiUBl7opCAFqRxzWbg5N0ns1decUmnybgR+fPUSphJ7L2Ut:0gewHgCSC0sXmbgR+fPUSphJ7Ll
Score
10/10
-
Async RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-