General
-
Target
SUR.exe
-
Size
201KB
-
Sample
231215-qqta4aebg3
-
MD5
8d4a1a95e321a53a7014706e7aa54974
-
SHA1
347f580b7975a91b3c583a01d36e8007e071c320
-
SHA256
3db7b7ce56a0a659ddb853940d3fad699b858efae576dd8508ac1eeb52c8b764
-
SHA512
c6c2ea6b7c69ad7ab5e6660008e2f68d735b5a6eb6538337d10cfae11f63078ef3ac77f3f9ddfcb48593e3bdee7c611644dccd6b22ac9668c0d40379f67e44a0
-
SSDEEP
3072:hkfRRzJNGUbJ6ZOAvQOiv6gNsSV0KP7uCaAJgeO/XdtYkz:UfJbPAYnNT7P7uomeGr
Behavioral task
behavioral1
Sample
SUR.exe
Resource
win11-20231128-en
Malware Config
Extracted
asyncrat
Default
2.58.56.152:3232
שjيت吾x开ΑjIxt1杰1بsFRHi
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
SUR.exe
-
Size
201KB
-
MD5
8d4a1a95e321a53a7014706e7aa54974
-
SHA1
347f580b7975a91b3c583a01d36e8007e071c320
-
SHA256
3db7b7ce56a0a659ddb853940d3fad699b858efae576dd8508ac1eeb52c8b764
-
SHA512
c6c2ea6b7c69ad7ab5e6660008e2f68d735b5a6eb6538337d10cfae11f63078ef3ac77f3f9ddfcb48593e3bdee7c611644dccd6b22ac9668c0d40379f67e44a0
-
SSDEEP
3072:hkfRRzJNGUbJ6ZOAvQOiv6gNsSV0KP7uCaAJgeO/XdtYkz:UfJbPAYnNT7P7uomeGr
-
Async RAT payload
-
Renames multiple (3062) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Sets desktop wallpaper using registry
-