General
Target: SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe
Size: 1.0MB
Sample: 210114-rqj4ppvt76
MD5: 4125dc4cedd5145802059e6f56491c67
SHA1: 8eb676931c46ececa90e400d23369a6c5f3294f1
SHA256: b96849a992512df5e9cf349bdbaea4ec4a297a9d334aca6ae32d921ccb844e1f
SHA512: cc20208af6817c0c64bbf37ad0f2057857c00a81b2fe0bccbc0c37c02db78caedd0332b15f83cc14bafbb46af893b4a8fbf5bade4e553a1382ec42080f763b32
Static task: static1
Behavioral task: behavioral1
  Sample: SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe
  Resource: win10v20201028
Malware Config
Extracted: asyncrat 0.5.7B, jesuslopez19011.duckdns.org:1881, AsyncMutex_6SI8OkPnk
aes_key: a9t0tuVlARBorSOG6HaEdksAb0k95PZR
anti_detection: false
autorun: false
bdos: false
delay: Default
host: jesuslopez19011.duckdns.org
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 1881
version: 0.5.7B
Targets
Target: SOPORTE DE TRANSFERENCIA BANCO AGRARIO DE COLOMBIA.exe (size and hashes as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Turns off Windows Defender SpyNet reporting
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext