General
Target: SearchUpdate.rar
Size: 18.0MB
Sample: 230401-rzxwbaaf37
MD5: 2b0f7746240beb3fe03491e16257c513
SHA1: 4cc806d0fee4947e4b73b0cba90edc2f232377dd
SHA256: 871ceb94e716adf0c8ae35783fc3812fc1a44bae1bac3c37f7db8d9d8ea1ae64
SHA512: 684cc3bac4c8e91a412509f0a8d60de0c6e05c82ff2942f7a050d66ad99c1be0b1955cc293ea4f38c1e82688f2d0e46832ba534c9b6236a900b39905d988a2dd
SSDEEP: 393216:qCwdUkFk27o277EZR0WqoBAjGPOKgTrjOIRaJ1fsS3ljEotuGk:qCwdLH8u72R0SAjG+nyE0r35EoI1
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: SearchUpdate.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: SearchUpdate.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted family: asyncrat
Version: 1.0.7
Botnet: Default
C2:
  127.0.0.1:8848
  127.0.0.1:53898
  127.0.0.1:16409
  147.185.221.181:8848
  147.185.221.181:53898
  147.185.221.181:16409
Mutex: svschost
Attributes:
  delay: 1
  install: true
  install_file: svschost.exe
  install_folder: %Temp%
Targets
Target: SearchUpdate.exe
Size: 18.2MB
MD5: 6babd670b96f60cfb36c36ed057700e7
SHA1: 333b99f54e1605c197bf20193317c54a47474c16
SHA256: a8af6a70435000294079a6ba0b1b47c39940c4ace2633a97ae2746ddefad3232
SHA512: 22f59c82452c6bdefa1f00b977b39bd04841c6bc7b37b4310f10e36ea2a7f31b71219dc43f4252955aa8183879285fb3f4d9000d6d1130a45636b42900818fc0
SSDEEP: 393216:MaL/oNDjomGNGS/tzJWH8HbnQZpbFpUQnz1JDTRijXTWEi4v+8ixXkJ:/clomGA8WHqbnQLfjz5+dhG8ix0J

Signatures
Async RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2