General
-
Target
INVOICE SWIFT.scr
-
Size
825KB
-
Sample
210106-yr9gk27t3e
-
MD5
56b720aefb701c0b399f08304b2d8259
-
SHA1
07f620a3f16fe547cd61207f7ea73a98486da995
-
SHA256
153c15e3573b191c91b9355f3c02bace3830f19108e313f64d909509420ea1a7
-
SHA512
c3536f94d52269a14ae57347669f66a620aef75fadfe7e4c1f1674342d47d790e8611da80a4c37f8722a4a7ff3ab494e735060389a3882a949618b1c459b4387
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE SWIFT.scr
Resource
win7v20201028
Malware Config
Extracted
asyncrat
0.5.6D
-
aes_key
UdKKLbjrvVElx2zAu9O2JlfsxRCVHO9C
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
NEWFILE
-
host
127.0.0.1,79.134.225.22
-
hwid
1
-
install_file
-
install_folder
%AppData%
-
mutex
zcqpcbhuoliwhfa
-
pastebin_config
null
-
port
6606,7707,8808
-
version
0.5.6D
Targets
-
-
Target
INVOICE SWIFT.scr
-
Async RAT payload
-
Suspicious use of SetThreadContext
-