General
Target: SearchUpdates.7z
Size: 13.9MB
Sample: 230131-z9gk3scd5s
MD5: 8a0d0c37749f0255730a68cadcacd96a
SHA1: fcdc5f5dabb5131a086290e52c4f3a34b509eeff
SHA256: 80c70e397910f9de0bd81817f9d5eab3768efe3b9e3f5b3f25930e825213c62b
SHA512: 193f10cbb10ed2ec5948c3675ab06265f4444a93435300ee2f9faa3986a5bac61457b9e8128fa4226e21585da8b8ebf7f3b8351a0e2ebe5e1a78123010660448
SSDEEP: 393216:ThojdDrzJ1mezhvBZYmJQa5ugSkavAvjR7b:uhrzJ1mezxRJQSSkavAvj9b

Static task: static1
Behavioral task: behavioral1
Sample: SearchUpdates.exe
Resource: win10-20220812-en

Malware Config
Extracted: asyncrat
1.0.7
Default
127.0.0.1:8848
127.0.0.1:53898
127.0.0.1:16409
147.185.221.181:8848
147.185.221.181:53898
147.185.221.181:16409
svschost
delay: 1
install: true
install_file: svschost.exe
install_folder: %Temp%

Targets
Target: SearchUpdates.exe
Size: 14.0MB
MD5: b50befa21d58cb69f792a969d8f63519
SHA1: 61dfd2e8121ed65475ca4d963f94d7689792289b
SHA256: 40ea15b26bbc3fbb554a1ad0345bdd616a607d8eb39d8cdf3131508cfc1a5f26
SHA512: 5b0a56f45230be28499738be0479077f41590f18206730a2fb82386635d5c1bfb1f52e0bed7aa1fdf539de11b194314084ca24e8ae88257742c347c05d5cf902
SSDEEP: 393216:lZSjr23j6K1YqU0vWmykGfqR7/Rp5YTjZcSu:ae3j6K1YqKRkGc/Rp5YTj2Su
Score: 10/10
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.