General
Target: 8670471253cd842fa0a0afe38749d6c0N.exe
Size: 4.5MB
Sample: 240715-fj7vss1gqe
MD5: 8670471253cd842fa0a0afe38749d6c0
SHA1: c9b2075a0984ceb3c961c2bb6534a606a0891ad9
SHA256: cd98f4893c2034931017624abd750ff706fd80559500e1f5ddaca4103ab32d42
SHA512: ea1d2bf2437c31331cb916526126f2607d634872f9c429d1faf15fba8fb361070c9c3268d0c6fdfd7623af01e8ef8aaeda88aaaf3c665cc3c4a973bba7da57aa
SSDEEP: 98304:IlMjkLSPPtL5u2/ZRkKsRmdcCZIa3FM+1ajfSEJsWOV1w98gdpTmH+my:VYEPt1uwRWm3Ia3FM+1amEalc8SpTM+/
Static task: static1
Behavioral task: behavioral1
Sample: 8670471253cd842fa0a0afe38749d6c0N.exe
Resource: win7-20240705-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 107.175.101.134:6606, 107.175.101.134:7707, 107.175.101.134:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: WinUpdate2.4.exe
install_folder: %AppData%
Targets
Target: 8670471253cd842fa0a0afe38749d6c0N.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext