General

Target: payment_advice.exe
Size: 378KB
Sample: 220114-vtqftshffm
MD5: 8c111a2fb2509662db26b214b72e4e36
SHA1: 1706e12b96c88c74b1551184770221ae90eded88
SHA256: 18dee23d492e67fd0644205091068422a7322f94f9028a4a85a87505e6003cb8
SHA512: 75f03d45240f22e92f3a6d0133de64ccb7e4d59d0b4eafbc8b44f668e7f3d98580cd486c36aaa110d7ee67b9aa3373b597e427c2c86a54b659e1ad880bc9cb87

Static task: static1
Behavioral task: behavioral1
Sample: payment_advice.exe
Resource: win7-en-20211208

Malware Config (Extracted)

Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 185.222.57.80:6275
Mutex: AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 20
install: false
install_folder: %AppData%
pastebin_config: null

Targets

Target: payment_advice.exe
Size: 378KB
MD5: 8c111a2fb2509662db26b214b72e4e36
SHA1: 1706e12b96c88c74b1551184770221ae90eded88
SHA256: 18dee23d492e67fd0644205091068422a7322f94f9028a4a85a87505e6003cb8
SHA512: 75f03d45240f22e92f3a6d0133de64ccb7e4d59d0b4eafbc8b44f668e7f3d98580cd486c36aaa110d7ee67b9aa3373b597e427c2c86a54b659e1ad880bc9cb87

Signatures

suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Suspicious use of SetThreadContext