General
-
Target
e-dekont.pdf.exe
-
Size
675KB
-
Sample
210419-mjqmbnpjv2
-
MD5
231032805835e5992d7be55cd281e28a
-
SHA1
a32819de35a59c23dad01c62fbb1be5a2a96fa19
-
SHA256
57dc7782af4f8595d5663d6308cf8f132ba09efe1fb53d7573ccfa298a33ed7a
-
SHA512
be6d5dca1f03d292a1f907cc7d11a85500cc315e4b8bd3fb25e63cdb6105399679e5ab3f626dd0eeb91e30df1be6264de43ee27d2187043fa5cd8fb54e544971
Static task
static1
Behavioral task
behavioral1
Sample
e-dekont.pdf.exe
Resource
win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
194.156.90.31:5004
AsyncMutex_6SI8OkPnk
-
aes_key
HDFxJ480h98cocmnXczBVateXyWu1kTP
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
194.156.90.31
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
5004
-
version
0.5.7B
Targets
-
Target
e-dekont.pdf.exe
-
Async RAT payload
-
Suspicious use of SetThreadContext
-