General
Target: 9549168790bc8b01d0c889fccb01bd73.exe
Size: 5KB
Sample: 230317-ld7whahd8w
MD5: 9549168790bc8b01d0c889fccb01bd73
SHA1: 3e0091a6e3d0e793c28056a19bbd882ff6992dea
SHA256: 5ab1b5c6441512297d7523334bdb92dbee7f35ad76901d7f199bc9d5a1223457
SHA512: 1f6eb588a7c2eba76d98e2d4662f855c4936070a9cf713b29bd8354e3fa5a298ebf565f2e7bbb3b1f6ce03640120b44b87097d50824e2ab137a26f60c76314bf
SSDEEP: 96:pdr479SSCFQQQ+tpwvk+JcAY+sGwvk+JwnSvFd3ojdrl:pdi9SZFVHcvk2YgwvkLaFdw
Static task: static1
Behavioral task: behavioral1 (sample 9549168790bc8b01d0c889fccb01bd73.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 9549168790bc8b01d0c889fccb01bd73.exe, resource win10v2004-20230220-en)
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: DefenderSmartScren
C2: 217.64.31.3:8437
Mutex: DefenderSmartScren
Attributes:
- delay: 3
- install: false
- install_file: SecurityHealtheurvice.exe
- install_folder: %AppData%
The botnet/mutex string and the install file name are reproduced exactly as extracted; both are the malware's own misspellings of Windows component names (SmartScreen, SecurityHealthService.exe), so detections must match the misspelled forms, not the legitimate ones. With install set to false this build does not ask the client to copy itself to install_folder, but the configured path remains a useful host indicator.
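Added example, not part of the sandbox report: the Python below takes the configuration extracted above and turns it into host and network indicators, then runs them over a handful of constructed Sysmon-style events. The event schema and field names (`event`, `image`, `dst`, `dst_port`, `details`, `target_file`, `name`) and the expansion of %AppData% to C:\Users\<user>\AppData\Roaming are assumptions; the values in ASYNCRAT_CONFIG are copied from the report. The correctly spelled SecurityHealthService.exe in System32 is included as a negative case so the rule is shown not to fire on the legitimate binary.

```python
"""Added example: turn the AsyncRAT config extracted above into host and
network indicators and run them over constructed Sysmon-style telemetry.
Not part of the sandbox report; the event shapes and field names are an
assumption standing in for a real SIEM schema."""
import ipaddress
import re

# Values copied verbatim from the extracted config on this page.
# "DefenderSmartScren" and "SecurityHealtheurvice.exe" are the malware's own
# misspellings of Windows component names; match them exactly, do not "fix" them.
ASYNCRAT_CONFIG = {
    "version": "0.5.7B",
    "group": "DefenderSmartScren",
    "c2": ["217.64.31.3:8437"],
    "mutex": "DefenderSmartScren",
    "delay": 3,
    "install": False,
    "install_file": "SecurityHealtheurvice.exe",
    "install_folder": "%AppData%",
}

# Environment variables as they expand on a default Windows install (assumption:
# the user profile lives under C:\Users). Kept as regex so one rule covers every user.
ENV_PATTERNS = {
    "%appdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\roaming",
}


def c2_endpoints(config):
    """Split each 'host:port' C2 entry; AsyncRAT allows IPs or hostnames."""
    endpoints = []
    for entry in config["c2"]:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "hostname"
        endpoints.append((host.lower(), int(port), kind))
    return endpoints


def install_path_regex(config):
    """Regex for the configured drop path, with %AppData% expanded per user."""
    folder = config["install_folder"].lower()
    prefix = ENV_PATTERNS.get(folder, re.escape(folder))
    return re.compile(prefix + r"\\" + re.escape(config["install_file"].lower()) + r"$")


def match_events(events, config):
    """Return (event_index, indicator, confidence) for each telemetry hit."""
    endpoints = c2_endpoints(config)
    path_re = install_path_regex(config)
    hits = []
    for i, ev in enumerate(events):
        kind = ev["event"]
        if kind == "NetworkConnect":
            for host, port, _ in endpoints:
                if ev["dst"].lower() == host:
                    # Same host on another port is worth a look but is not the configured endpoint.
                    conf = "high" if ev["dst_port"] == port else "medium"
                    hits.append((i, f"c2:{host}:{port}", conf))
        if kind == "MutexCreate" and ev["name"] == config["mutex"]:
            hits.append((i, f"mutex:{config['mutex']}", "high"))
        # Process image, Run-key value data, or dropped-file path pointing at the install path.
        for field in ("image", "details", "target_file"):
            value = ev.get(field)
            if value and path_re.search(value.lower()):
                hits.append((i, "install_path", "high"))
                break
    return hits


# Constructed sample telemetry; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"event": "FileCreate", "image": r"C:\Users\bob\Downloads\invoice.exe",
     "target_file": r"C:\Users\bob\AppData\Roaming\SecurityHealtheurvice.exe"},
    {"event": "RegistryValueSet", "image": r"C:\Users\bob\Downloads\invoice.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "details": r"C:\Users\bob\AppData\Roaming\SecurityHealtheurvice.exe"},
    {"event": "MutexCreate", "image": r"C:\Users\bob\AppData\Roaming\SecurityHealtheurvice.exe",
     "name": "DefenderSmartScren"},
    {"event": "NetworkConnect", "image": r"C:\Users\bob\AppData\Roaming\SecurityHealtheurvice.exe",
     "dst": "217.64.31.3", "dst_port": 8437},
    # Legitimate lookalike: correct spelling, System32, no hit expected.
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\SecurityHealthService.exe"},
    # Same C2 host on another port from a browser: medium confidence only.
    {"event": "NetworkConnect", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst": "217.64.31.3", "dst_port": 443},
]

if __name__ == "__main__":
    for idx, indicator, confidence in match_events(SAMPLE_EVENTS, ASYNCRAT_CONFIG):
        print(f"event {idx}: {indicator} ({confidence})")
```

Running it prints one line per hit. The mutex is only observable in sandbox or EDR telemetry that records object creation, which Sysmon does not; the C2 endpoint and the install path are the indicators most environments can actually hunt on.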
Targets
Target: 9549168790bc8b01d0c889fccb01bd73.exe
Size: 5KB
Score: 10/10
Signatures:
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext