Resubmissions
06-12-2023 10:42
231206-mr3z5sdg85 10
General
-
Target
Windows Defender.exe
-
Size
183KB
-
Sample
231206-mr3z5sdg85
-
MD5
9bcabaf1958649a969466f1c2964629f
-
SHA1
6871eb25d595532063eb5acab819ba0d886638b0
-
SHA256
64a45101867e90b0a25e1ee21e83110985d06d3b9733bfb7e50fff89697737ae
-
SHA512
3f3b1297cc0dfc66b944b88a000dd709d0ddd0e715a52229460cffe32d051222cb6a601d8e51fa68cb92a726e0cf525e0c9485b757ba35e12b6be82e33498fa5
-
SSDEEP
3072:IeVkX3EYqYkQW6ZQIpfiJZ5bnhkxtS951xNCygrTPE/i0tGKGMGuuMWnejTAtTDw:6X3EYM6ZQ4aH5bhkWb1iyWPkLGK/c3nb
Behavioral task
behavioral1
Sample
Windows Defender.exe
Resource
win7-20231023-en
Malware Config
Extracted
asyncrat
0.5.2
1.14.206.144:6606
1.14.206.144:7707
1.14.206.144:8808
564-8c88999ba04b
-
delay
0
-
install
true
-
install_file
Windows Defender.exe
-
install_folder
%AppData%
Targets
-
-
Target
Windows Defender.exe
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-