General
Target: PAYMENT_COPIER-PDF.exe
Size: 614KB
Sample: 210115-syyjw4hz4e
MD5: 420b8126273bae41ebcf03c1d90ff581
SHA1: d30d32a0993778df3823e8a7a896ddcab8fd8c94
SHA256: 5cefff6712f29c6f7fe30bfd3f7d1e790e5474ef242304a91348369b3c1afcab
SHA512: 5809f09897dc4fa94c15f29f5942ca873ad74a4509e5e28db54dd739fd171cf68046321bb61afc54a9795d315962822afdc9dfe99d9a9b8612e1b98a7cffb7da
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT_COPIER-PDF.exe
Resource: win7v20201028
Malware Config
Extracted
Family: asyncrat
Version: 0.5.6D
C2:
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
79.134.225.22:6606
79.134.225.22:7707
79.134.225.22:8808
91.193.75.122:6606
91.193.75.122:7707
91.193.75.122:8808
Mutex: zvnqorsaslyyrhro
Attributes:
aes_key: RqLMDJRwW683DhbzEvUdl4n3FCMZGQW8
anti_detection: false
autorun: false
bdos: false
delay: NEWFILE
host: 127.0.0.1,79.134.225.22,91.193.75.122
hwid: 10
install_file:
install_folder: %AppData%
mutex: zvnqorsaslyyrhro
pastebin_config: null
port: 6606,7707,8808
version: 0.5.6D
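The nine C2 entries above are simply the cross product of the `host` and `port` attributes: AsyncRAT stores both as comma-separated strings and, on each reconnect, picks one host and one port independently, so every pairing is a possible destination. Three of those pairs point at 127.0.0.1, which is loopback and not a network indicator; the actionable C2 endpoints are 79.134.225.22 and 91.193.75.122 on 6606, 7707 and 8808. The following Python is an added example, not part of this report or of the AsyncRAT project: it expands the extracted config into endpoints, drops non-routable hosts, emits Suricata rules (the `sid` range is an assumption chosen for the example), and checks a file's digests against the four hashes listed on this page. All values in it are transcribed from the report; the sample bytes in the usage line are constructed, not the real binary.

```python
"""Turn an extracted AsyncRAT config into network and file IOCs (added example)."""
import hashlib
import ipaddress
from itertools import product

# Values transcribed from the extracted config on this page.
EXTRACTED_CONFIG = {
    "host": "127.0.0.1,79.134.225.22,91.193.75.122",
    "port": "6606,7707,8808",
    "mutex": "zvnqorsaslyyrhro",
    "version": "0.5.6D",
}

# Digests listed on this page for PAYMENT_COPIER-PDF.exe.
PAGE_HASHES = {
    "md5": "420b8126273bae41ebcf03c1d90ff581",
    "sha1": "d30d32a0993778df3823e8a7a896ddcab8fd8c94",
    "sha256": "5cefff6712f29c6f7fe30bfd3f7d1e790e5474ef242304a91348369b3c1afcab",
    "sha512": "5809f09897dc4fa94c15f29f5942ca873ad74a4509e5e28db54dd739fd171cf6"
              "8046321bb61afc54a9795d315962822afdc9dfe99d9a9b8612e1b98a7cffb7da",
}


def _csv(value):
    """Split an AsyncRAT comma-separated config field, ignoring blanks."""
    return [item.strip() for item in value.split(",") if item.strip()]


def expand_c2(config):
    """Every host:port pair the client could dial.

    The client selects a host and a port independently from the two lists,
    so the full cross product is the candidate set; the nine-line C2 list
    in this report is exactly that product.
    """
    pairs = product(_csv(config["host"]), _csv(config["port"]))
    return sorted((host, int(port)) for host, port in pairs)


def is_routable(host):
    """True for public IPs and for non-IP literals (domain names)."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # hostname, cannot classify statically; keep it


def routable_c2(config):
    """Drop loopback/private hosts such as 127.0.0.1; they are not IOCs."""
    return [(h, p) for h, p in expand_c2(config) if is_routable(h)]


def suricata_rules(config, sid_start=1000001):
    """One alert rule per routable endpoint (sid range is an assumption)."""
    rules = []
    for i, (host, port) in enumerate(routable_c2(config)):
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"AsyncRAT {config["version"]} C2 {host}:{port}"; '
            f'flow:to_server; sid:{sid_start + i}; rev:1;)'
        )
    return rules


def digests(data):
    """MD5/SHA1/SHA256/SHA512 of the given bytes, keyed like PAGE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in PAGE_HASHES}


def matches_page_sample(data):
    """Per-algorithm comparison of a file's digests against this report."""
    got = digests(data)
    return {name: got[name] == expected for name, expected in PAGE_HASHES.items()}


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED_CONFIG):
        print(rule)
    print("host mutex IOC:", EXTRACTED_CONFIG["mutex"])
    # Constructed stand-in bytes, not the real sample; every check is False.
    print(matches_page_sample(b"constructed placeholder, not PAYMENT_COPIER-PDF.exe"))
```

To triage a suspected copy of the binary, read it with `open(path, "rb").read()` and pass the bytes to `matches_page_sample`; the mutex string is the host-side indicator to pair with the network rules.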
Targets
Target: PAYMENT_COPIER-PDF.exe
Size: 614KB
MD5: 420b8126273bae41ebcf03c1d90ff581
SHA1: d30d32a0993778df3823e8a7a896ddcab8fd8c94
SHA256: 5cefff6712f29c6f7fe30bfd3f7d1e790e5474ef242304a91348369b3c1afcab
SHA512: 5809f09897dc4fa94c15f29f5942ca873ad74a4509e5e28db54dd739fd171cf68046321bb61afc54a9795d315962822afdc9dfe99d9a9b8612e1b98a7cffb7da
Signatures:
Async RAT payload
Suspicious use of SetThreadContext