General
Target: INV_FG5982.iso
Size: 1.8MB
Sample: 210117-bjkp449bn2
MD5: fb0d67e5da83cd365d44d141c9e7a63c
SHA1: f09cae99eccc86872b567fbae8083492c2dfd0b2
SHA256: 1a6a7ea1669f66f5e5249b3acabc68f4ef1fbe770f016dbbf47a2de4dc545c12
SHA512: b1e0f29da05c4a4be2a640da0c44ab65331d4b0642c406267eb8ea1712a0b673caa1dd4df9f91dad5a0412aaf6018460825cf88f442fb0bf64becca3c35b5e44
Static task: static1
Behavioral task: behavioral1
  Sample: INV_FG59.EXE
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: INV_FG59.EXE
  Resource: win10v20201028
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
C2: 54.36.220.171:7707
C2: 54.36.220.171:8808
C2: 54.36.220.171:5050
Mutex: Mutex_6SI8OkPnk
Attributes:
  aes_key: DiOIHNqQSoNMUZLXqq4Zuqb1foyxPfJ1
  anti_detection: false
  autorun: false
  bdos: false
  delay: last_Last
  host: 54.36.220.171
  hwid: 3
  install_file:
  install_folder: %AppData%
  mutex: Mutex_6SI8OkPnk
  pastebin_config: null
  port: 7707,8808,5050
  version: 0.5.7B
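The aes_key above is the master key the client uses to decrypt the settings embedded in its Settings class (hosts, ports, mutex, install path and so on), which is why a config extractor needs it. The Go program below is a worked example added to this report; it is not part of the sandbox output or of the sample. It reproduces the scheme as published in the open-source AsyncRAT client: PBKDF2-HMAC-SHA1 over the master key with the client's fixed 32-byte salt and 50000 iterations yields a 32-byte AES-256 key followed by a 64-byte HMAC-SHA256 key, and each setting is stored base64-encoded as HMAC-SHA256(IV || ciphertext) || IV || AES-CBC/PKCS7 ciphertext. Because the report does not include the raw encrypted strings, main() builds a constructed blob with EncryptSetting and the key from this config and then decrypts it; that this build kept the stock salt and iteration count is an assumption.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Salt from the open-source AsyncRAT client's Aes256 class (assumed unchanged in this build).
var asyncRatSalt = []byte{
	0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24, 0x30, 0xA5, 0x78, 0x43,
	0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
}

const iterations, keyLen, authKeyLen, hmacLen, ivLen = 50000, 32, 64, 32, 16

// pbkdf2SHA1 is a minimal RFC 2898 PBKDF2-HMAC-SHA1 (what .NET's Rfc2898DeriveBytes computes).
func pbkdf2SHA1(password, salt []byte, iter, n int) []byte {
	var out []byte
	mac := hmac.New(sha1.New, password)
	for block := uint32(1); len(out) < n; block++ {
		mac.Reset()
		mac.Write(salt)
		mac.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:n]
}

// deriveKeys mirrors the client's two consecutive GetBytes() calls: bytes 0..32 are the AES key, 32..96 the HMAC key.
func deriveKeys(masterKey string) (aesKey, authKey []byte) {
	stream := pbkdf2SHA1([]byte(masterKey), asyncRatSalt, iterations, keyLen+authKeyLen)
	return stream[:keyLen], stream[keyLen:]
}

// DecryptSetting decodes one base64 setting laid out as HMAC || IV || AES-256-CBC ciphertext, checking the HMAC first.
func DecryptSetting(masterKey, b64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", err
	}
	if len(blob) <= hmacLen+ivLen || (len(blob)-hmacLen-ivLen)%aes.BlockSize != 0 {
		return "", fmt.Errorf("blob too short or not block aligned")
	}
	aesKey, authKey := deriveKeys(masterKey)
	mac := hmac.New(sha256.New, authKey)
	mac.Write(blob[hmacLen:])
	if !hmac.Equal(mac.Sum(nil), blob[:hmacLen]) {
		return "", fmt.Errorf("HMAC mismatch: wrong master key or tampered blob")
	}
	block, _ := aes.NewCipher(aesKey) // key length is fixed at 32 bytes, so no error
	pt := make([]byte, len(blob)-hmacLen-ivLen)
	cipher.NewCBCDecrypter(block, blob[hmacLen:hmacLen+ivLen]).CryptBlocks(pt, blob[hmacLen+ivLen:])
	pad := int(pt[len(pt)-1]) // PKCS7: the last byte is the pad length
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return "", fmt.Errorf("bad PKCS7 padding")
	}
	return string(pt[:len(pt)-pad]), nil
}

// EncryptSetting is the client-side inverse; used here only to build a constructed blob, as the report has no raw ciphertext.
func EncryptSetting(masterKey, plaintext string) (string, error) {
	aesKey, authKey := deriveKeys(masterKey)
	block, _ := aes.NewCipher(aesKey)
	iv := make([]byte, ivLen)
	rand.Read(iv) // random IV per setting, as the client does
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append([]byte(plaintext), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	body := append(append([]byte{}, iv...), ct...)
	mac := hmac.New(sha256.New, authKey)
	mac.Write(body)
	return base64.StdEncoding.EncodeToString(append(mac.Sum(nil), body...)), nil
}

func main() {
	const masterKey = "DiOIHNqQSoNMUZLXqq4Zuqb1foyxPfJ1" // aes_key from the extracted config above
	blob, _ := EncryptSetting(masterKey, "7707,8808,5050") // constructed stand-in for the binary's Ports string
	ports, err := DecryptSetting(masterKey, blob)
	fmt.Println(ports, err)
}
```

In practice the input to DecryptSetting is one of the base64 string constants in the client's Settings class, and the master key is what the sandbox reports as aes_key (the binary stores it base64-encoded and decodes it before use). An HMAC mismatch on a string that otherwise has the right shape means the build uses a different master key, salt or iteration count, so check those before concluding the string is not a setting.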
Targets
Target: INV_FG59.EXE
Size: 1.2MB
MD5: 97995b3f92bf70117841d386fe556497
SHA1: b817858dbe60a1975adbb7fa00524a65f38077e0
SHA256: 02d0d2a6ee7f1e728599f0e16ff5bb3618a67fd63d0cb1f20a90ac2fe8eca670
SHA512: ab4a84fcd4b1bc7f73a22f671d65cb3ba2c5c396fc88d1db23cd641467961186fbfe530288e1fb548170b7af9bffbc620ca486d86ae5629908f64241246b8399
Score: 10/10
Signatures:
  Modifies WinLogon for persistence
  Async RAT payload
  Drops startup file
  Adds Run key to start application
  Suspicious use of NtSetInformationThreadHideFromDebugger
  Suspicious use of SetThreadContext