General
Target: HY_RAY_RFQ,pdf .exe
Size: 812KB
Sample: 210116-zk417azx9n
MD5: 16e55e5dbbf48b3f0d453ac7fcccd908
SHA1: 7705956e0cf0d5d3e0429c1539dfc204e01c7d87
SHA256: f641d9449ad546a0e9ff2f015ff03f9ce0263867caaef3a5cc462fd9b685b928
SHA512: 111812911c27801addb81373f3dcc7c2f3200c44e2ddcca33fe4989bfc81b5fd6662f2db33e0ae79a36787985ed1e6fc756baf8e4dda847111beb134f4afea5d
Static task: static1
Behavioral task: behavioral1
Sample: HY_RAY_RFQ,pdf .exe
Resource: win7v20201028
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
C2 (host:port): null:null
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
  aes_key: yFdiISTMNVqtdBU1VShPLhZnkF6gdamp
  anti_detection: false
  autorun: false
  bdos: false
  delay: billion
  host: null
  hwid: 3
  install_file: (empty)
  install_folder: %AppData%
  mutex: AsyncMutex_6SI8OkPnk
  pastebin_config: https://pastebin.com/raw/Q5Dxj1fY
  port: null
  version: 0.5.7B
Targets
Target: HY_RAY_RFQ,pdf .exe (812KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
- Async RAT payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext