General
Target: SecuriteInfo.com.Trojan.GenericKDZ.97497.29505.12657.exe
Size: 621KB
Sample: 230216-x7st8abd57
MD5: 45f42e17dd7229140a940f3346ddf3a9
SHA1: dbf51050b80bd2932bfed81fc867495bbd856ca6
SHA256: 785ebeb84c2bc65d0b0a55691f18631c110531b132f60535b8462684d2492b81
SHA512: 3a1c2a3ee5382c61759e1a2664f2871eb49c567de6dec8ad70e797d4698f7950ec78eb567aba3ad286723bae926856509e880777d4165a75cc2463fcb4fbc7ef
SSDEEP: 12288:NeHlPTZh6q6/TKPzG7rjkKzG9DP+ogIGdjPETxpj:NeHllY/TKPzG7+B+TIOjPWxF
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.GenericKDZ.97497.29505.12657.exe
Resource: win7-20221111-en
Malware Config (extracted)
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 192.3.193.136:2023
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: SecuriteInfo.com.Trojan.GenericKDZ.97497.29505.12657.exe
Size: 621KB (hashes as listed under General)
Signatures
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext