General
Target: PO201934-438505-NEW-ORDER-AND-PAYMENT-CONFIRMATION.exe
Size: 168KB
Sample: 210617-lw3a7vmnwe
MD5: bb6a58cce2b223da8ae9e6c42bce4211
SHA1: aac55a4ea8d1d0c0a9e37672b3a6f80b61e5adb3
SHA256: 0c459d5da908306dc9afa6d18ca7fc3da0baf02ea5ff7c680278bbb2a2a94fd4
SHA512: 8668dfa6445ba9cd83702781c02874104c6ddd9593cbd8f3ce92d39e8e9c95f2f5bd439fbe4cb0239c25aa36577466df64532829d5002015784c2959bf566600
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: PO201934-438505-NEW-ORDER-AND-PAYMENT-CONFIRMATION.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: PO201934-438505-NEW-ORDER-AND-PAYMENT-CONFIRMATION.exe
  Resource: win10v20210408
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Endpoints (host:port):
- 216.250.249.156:1465
- 216.250.249.156:1560
- 216.250.249.156:1759
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
- aes_key: SzDzVgFRKGpONBi9TMpMqArottthyhhU
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: 216.250.249.156
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 1465,1560,1759
- version: 0.5.7B
Targets
Target: PO201934-438505-NEW-ORDER-AND-PAYMENT-CONFIRMATION.exe
Size: 168KB
MD5: bb6a58cce2b223da8ae9e6c42bce4211
SHA1: aac55a4ea8d1d0c0a9e37672b3a6f80b61e5adb3
SHA256: 0c459d5da908306dc9afa6d18ca7fc3da0baf02ea5ff7c680278bbb2a2a94fd4
SHA512: 8668dfa6445ba9cd83702781c02874104c6ddd9593cbd8f3ce92d39e8e9c95f2f5bd439fbe4cb0239c25aa36577466df64532829d5002015784c2959bf566600
Score: 10/10
Signatures:
- Async RAT payload
- Core1 .NET packer: Detects packer/loader used by .NET malware.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application