General
Target: 938483_2930_8483_invoice_3473_november_2021.pdf.exe
Size: 1.2MB
Sample: 220125-k9mprschbq
MD5: 668cbb9d01d55ca7ec4e1a41d498ea34
SHA1: ee3b32d73904bc7111524611b94b058d7cabbdaa
SHA256: 0e7d9b0985b55dbf3c9978c57f6cf0c76e36751517ad6b224cdee2fe221cc9ca
SHA512: 5ef8541cfc6857abbb30a0a5bcc50ec7e14f0750e9695fcb4b011675cbf29fa0cd99cafc9ccb1e47d9337088da159e0d8bce7058c578bdc6171646bc9f75ca8a
Static task: static1
Behavioral task: behavioral1
Sample: 938483_2930_8483_invoice_3473_november_2021.pdf.exe
Resource: win7-en-20211208
Malware Config
Extracted:
asyncrat
0.5.7B
Default
exportmunic007.duckdns.org:6606
exportmunic007.duckdns.org:7707
exportmunic007.duckdns.org:8808
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: 938483_2930_8483_invoice_3473_november_2021.pdf.exe
Size: 1.2MB
MD5: 668cbb9d01d55ca7ec4e1a41d498ea34
SHA1: ee3b32d73904bc7111524611b94b058d7cabbdaa
SHA256: 0e7d9b0985b55dbf3c9978c57f6cf0c76e36751517ad6b224cdee2fe221cc9ca
SHA512: 5ef8541cfc6857abbb30a0a5bcc50ec7e14f0750e9695fcb4b011675cbf29fa0cd99cafc9ccb1e47d9337088da159e0d8bce7058c578bdc6171646bc9f75ca8a
- Async RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext