General
Target: Shipping_Documents_INV_PL_and_BL,pdf.exe
Size: 762KB
Sample: 210115-27pkkq7c1n
MD5: da325b68d3b24d11a3f7b82365ad2c0f
SHA1: 27c4dd0cee65bed2b2ba62c2471c3ea8839b9ce3
SHA256: 7acc028b1fdf2fd2d09fec663aca4d5c440ac4f206cc6c45857cee5c8761c335
SHA512: b2bd4d4a6fa461701391b196973db40dd5248d319f2f1ba18be1a8354453f805edee647c43dfeeb4320f8cd21c7d401ea40d0082cbd1a15becc733abd0312610
Static task: static1
Behavioral task: behavioral1
Sample: Shipping_Documents_INV_PL_and_BL,pdf.exe
Resource: win7v20201028
Malware Config
Extracted: asyncrat 0.5.7B (null:null, AsyncMutex_6SI8OkPnk)
aes_key: yFdiISTMNVqtdBU1VShPLhZnkF6gdamp
anti_detection: false
autorun: false
bdos: false
delay: billion
host: null
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: https://pastebin.com/raw/Q5Dxj1fY
port: null
version: 0.5.7B
Targets
Target: Shipping_Documents_INV_PL_and_BL,pdf.exe
Size: 762KB
Signatures:
- Async RAT payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext