General
- Target: 8bd4e5638b1e7e663c793a1e53bc44ba23e671e1a9f77c8bd8d1928f971cb131
- Size: 1.1MB
- Sample: 241110-de471a1lgr
- MD5: 9b825be916bc8914b9ffcf4f5426241c
- SHA1: 587eae0d81d563668f25258711d47958b41ae4cb
- SHA256: 8bd4e5638b1e7e663c793a1e53bc44ba23e671e1a9f77c8bd8d1928f971cb131
- SHA512: 8cc12b0e52cbdd24c9809c311b942c530264d58e15f1aeeb1f51d3c219e3489b3ae8bc9457131ae302956c78b54aca1e611ba48a7cf6ca7e495588333ad348e3
- SSDEEP: 24576:sgmyZEbdsW36Dfw7TNs9a7WFZgGdT8jANa/D1Gi:s9WEbBIaCGWFZQAqD7
- Static task: static1
- Behavioral task: behavioral1
- Sample: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5.exe
- Resource: win7-20241010-en
Malware Config
Extracted
- Family: asyncrat
- Version: 1.0.7
- Botnet: Default
- C2: isabelaflores.fun:7000
- Mutex: ServicesMutex_qwqdanchun
- delay: 240
- install: false
- install_folder: %AppData%
Targets
- Target: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5.exe
- Size: 1.9MB
- MD5: 73ce5f094321f2683b7846397b3d5a8c
- SHA1: d17102bc9d37a5ff9506dfbf94d0608378fae2c6
- SHA256: 274e4c594cfadeda5b78076c2791ab57d35b6b9bab954c30a2053d17812e1aa5
- SHA512: 20eac921ba5dbc25ac0b751c768540fb3d54b4b359ce638dd7168bf57e12c0450a1b42db0c90b59be49c84fad289ee5e7b5e3ac683d66664d0d5f1adccc89c8e
- SSDEEP: 24576:oDlxLeM+sLqZS62SiyY4TWKaJTXogjqpn5WMAw3FKvKvPoxBoOux5lUA4X+he6P2:K3Ci334noyvnbzJ8eF
- Asyncrat family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
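The behaviours this report lists (Defender exclusions added through PowerShell, a Run key for persistence, and the C2 host and port pulled from the extracted AsyncRAT config) are the kind of thing a detection engineer turns into rules. The script below is an added example, not part of the sandbox report or of any vendor tooling: it runs three such rules over a handful of constructed telemetry events in the shape of Windows PowerShell script-block logging (Event ID 4104) and Sysmon Event 13 (registry value set) and Event 3 (network connection). The sample events, the user path, the SID and the svchost.exe file name are made up for the example; only the C2 host and port come from the report.

```python
"""
Added example: detection rules for the behaviours listed in this report,
run over constructed telemetry. Not code from the report or the sandbox.

Rules:
  * PowerShell script-block text (Event ID 4104) using Add-MpPreference or
    Set-MpPreference with an -Exclusion* parameter    -> T1562.001
  * Sysmon Event 13 registry writes under Run/RunOnce -> T1547.001
  * Sysmon Event 3 connections to the C2 host:port from the
    "Malware Config" section above                     -> asyncrat_c2
"""
import re

# C2 endpoint taken from the extracted AsyncRAT config in this report.
C2_HOST = "isabelaflores.fun"
C2_PORT = 7000

# Constructed sample events (field names follow the Windows/Sysmon schema;
# paths, SID and file names are invented for the example).
SAMPLE_EVENTS = [
    {"source": "powershell_4104",
     "ScriptBlockText": 'Add-MpPreference -ExclusionExtension ".exe" '
                        '-ExclusionPath "C:\\Users\\x\\AppData\\Roaming" '
                        '-ExclusionProcess "svchost.exe"'},
    # Benign admin query: must not fire.
    {"source": "powershell_4104",
     "ScriptBlockText": "Get-MpPreference | Select-Object ExclusionPath"},
    {"source": "sysmon_13",
     "TargetObject": r"HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\x\AppData\Roaming\svchost.exe"},
    {"source": "sysmon_3",
     "Image": r"C:\Users\x\AppData\Roaming\svchost.exe",
     "DestinationHostname": "isabelaflores.fun",
     "DestinationPort": 7000},
    # Unrelated outbound traffic: must not fire.
    {"source": "sysmon_3",
     "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "update.microsoft.com",
     "DestinationPort": 443},
]

# Add-/Set-MpPreference followed (anywhere later in the block) by an
# -ExclusionPath / -ExclusionExtension / -ExclusionProcess parameter.
DEFENDER_EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)
# Any value written directly under a Run or RunOnce key, HKCU or HKLM.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)


def check_defender_exclusion(ev):
    """T1562.001: Defender exclusion added from a PowerShell script block."""
    text = ev.get("ScriptBlockText", "")
    if ev["source"] == "powershell_4104" and DEFENDER_EXCLUSION_RE.search(text):
        return {"technique": "T1562.001", "detail": text}
    return None


def check_run_key(ev):
    """T1547.001: Run key value set (persistence)."""
    key = ev.get("TargetObject", "")
    if ev["source"] == "sysmon_13" and RUN_KEY_RE.search(key):
        return {"technique": "T1547.001",
                "detail": "%s -> %s" % (key, ev.get("Details", ""))}
    return None


def check_c2(ev):
    """Connection to the C2 host:port from the extracted config."""
    if (ev["source"] == "sysmon_3"
            and ev.get("DestinationHostname", "").lower() == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT):
        return {"technique": "asyncrat_c2",
                "detail": "%s -> %s:%d" % (ev.get("Image", ""), C2_HOST, C2_PORT)}
    return None


RULES = (check_defender_exclusion, check_run_key, check_c2)


def scan(events):
    """Run every rule over every event; return the alerts in event order."""
    alerts = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["technique"], alert["detail"])
```

The C2 rule is only as good as the extracted config; AsyncRAT operators rotate hosts and ports, so the exclusion and Run key rules, which key on behaviour rather than on an indicator, are the ones worth keeping after this sample is stale. The exclusion regex deliberately ignores `Get-MpPreference` so that routine auditing of existing exclusions does not alert.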