General
-
Target
37d33a8697abfd1ce089273d6d527569a2644fabe6ca5eab520b29e86d75d362
-
Size
267KB
-
Sample
241012-x5lm5axdnd
-
MD5
1a7ea31f87942c5f07fea28b6ec823aa
-
SHA1
3804138c05a13719b0fd76e68e4c682782ce7f1e
-
SHA256
37d33a8697abfd1ce089273d6d527569a2644fabe6ca5eab520b29e86d75d362
-
SHA512
ff4a1664230aae9162824b256b4d52105f8024b95cd1e63ec6f294f141e2dee9c70ffe99b077f9f5e702eecca263adfe63c4d7813e88ce631df2aa20253e39c9
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8sdN:WFzDqa86hV6uRRqX1evPlwAEdN
Static task
static1
Behavioral task
behavioral1
Sample
37d33a8697abfd1ce089273d6d527569a2644fabe6ca5eab520b29e86d75d362.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
37d33a8697abfd1ce089273d6d527569a2644fabe6ca5eab520b29e86d75d362.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
asyncrat
0.4.9G
corporation.warzonedns.com:9341
480-28105c055659
-
delay
0
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
37d33a8697abfd1ce089273d6d527569a2644fabe6ca5eab520b29e86d75d362
-
Size
267KB
-
MD5
1a7ea31f87942c5f07fea28b6ec823aa
-
SHA1
3804138c05a13719b0fd76e68e4c682782ce7f1e
-
SHA256
37d33a8697abfd1ce089273d6d527569a2644fabe6ca5eab520b29e86d75d362
-
SHA512
ff4a1664230aae9162824b256b4d52105f8024b95cd1e63ec6f294f141e2dee9c70ffe99b077f9f5e702eecca263adfe63c4d7813e88ce631df2aa20253e39c9
-
SSDEEP
3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/s8sdN:WFzDqa86hV6uRRqX1evPlwAEdN
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-