General
-
Target
Faktura ref. # IRQ-21-07778.exe
-
Size
697KB
-
Sample
220125-khlndscbhp
-
MD5
d2c4ad3484a598f0848a7947fc45175f
-
SHA1
2c7807352b5ece76d1e0364acdcfce3bc2cd9b72
-
SHA256
1b662d7015e25e2eba4e7b535732df5310c28ddd80797c260eebadfed1a1197d
-
SHA512
366f15e329de3e504cc2a91e17129377b07815f19cd849e30d776eadac0ad3d57f5b8b5182bfc2bd80ba99839903f794649310c21f46c3447662d762b1288b5e
Static task
static1
Behavioral task
behavioral1
Sample
Faktura ref. # IRQ-21-07778.exe
Resource
win7-en-20211208
Malware Config
Extracted
asyncrat
0.5.7B
Default
89.238.150.43:57095
AsyncMutex_6SI8OkPnk
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
true
-
install_file
chromeex.exe
-
install_folder
%Temp%
-
pastebin_config
null
Targets
-
-
Target
Faktura ref. # IRQ-21-07778.exe
-
Size
697KB
-
MD5
d2c4ad3484a598f0848a7947fc45175f
-
SHA1
2c7807352b5ece76d1e0364acdcfce3bc2cd9b72
-
SHA256
1b662d7015e25e2eba4e7b535732df5310c28ddd80797c260eebadfed1a1197d
-
SHA512
366f15e329de3e504cc2a91e17129377b07815f19cd849e30d776eadac0ad3d57f5b8b5182bfc2bd80ba99839903f794649310c21f46c3447662d762b1288b5e
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-