General

Target: Production order List Quotation.pdf.exe
Size: 924KB
Sample: 210115-j9zc3dsqwa
MD5: bc078bc0b438d5186ff9a7580412a532
SHA1: 25730487e2562435cd053891ec689a9b8b380399
SHA256: 8f74c5871c33b4bf63b43f3e7e216dae1cc92e79cd0035422c8eb6768b98dc06
SHA512: d85a642736695dbe8645773ea8fb20a14b6c44b1892a136d149c2aa839d2e8ac165362e94b879930945f416e42f9a29874970a998820008e050613f3267f213a

Static task: static1
Behavioral task: behavioral1 (Sample: Production order List Quotation.pdf.exe; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Production order List Quotation.pdf.exe; Resource: win10v20201028)

Malware Config

Extracted: asyncrat
Version: 0.5.7B
C2: 1.remcosagent.com:1993
Mutex: AsyncMutex_6SI8OkPnk

aes_key: zfpcQBbFjdAkORcbNZ0s5ioknjh7mjo2
anti_detection: false
autorun: false
bdos: false
delay: Default
host: 1.remcosagent.com
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 1993
version: 0.5.7B
Targets

Target: Production order List Quotation.pdf.exe
Signatures:
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext