General
Target: Production order List Quotation.pdf.exe
Size: 874KB
Sample: 210115-p2lcq3s2te
MD5: 30028635a4d6eaceee5c23499f73aa3a
SHA1: 94ee1f211c7c5e14cf5835071cf16f239eefebd7
SHA256: e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700
SHA512: 5a9597eeca40dd4ad0e82730608e8527c239e7459423f3b530e49cc0e174eaf79193865c0fa6e610c36b0ef353c4e35ddf290c95ea88b9dd82b27aeb8697f360
Static task: static1
Behavioral task: behavioral1
Sample: Production order List Quotation.pdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Production order List Quotation.pdf.exe
Resource: win10v20201028
Malware Config
Extracted: asyncrat
Version: 0.5.7B
C2: 1.remcosagent.com:1993
Mutex: AsyncMutex_6SI8OkPnk
aes_key: zfpcQBbFjdAkORcbNZ0s5ioknjh7mjo2
anti_detection: false
autorun: false
bdos: false
delay: Default
host: 1.remcosagent.com
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 1993
version: 0.5.7B
Targets
Target: Production order List Quotation.pdf.exe
Size: 874KB
MD5: 30028635a4d6eaceee5c23499f73aa3a
SHA1: 94ee1f211c7c5e14cf5835071cf16f239eefebd7
SHA256: e9b025c3083c60b1260f6c9b6909f3c80aa7861814b4cee817b5485bb9b3e700
SHA512: 5a9597eeca40dd4ad0e82730608e8527c239e7459423f3b530e49cc0e174eaf79193865c0fa6e610c36b0ef353c4e35ddf290c95ea88b9dd82b27aeb8697f360
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Async RAT payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext