General
Target: invoice.exe
Size: 688KB
Sample: 220126-r9bqtseed4
MD5: 720b1afcfa57b140329465ecbcdec31e
SHA1: be0387473f50e017a13e3a097ac80cca00bd0350
SHA256: c306becc8baa90c1d305a2dd9dfb7649ecbc51f356553da16d4300ac728cea3c
SHA512: 134750da6778a2ce634c579cd2b26344d9a164ec026e737f368dad5d5738472fb4afc10e8310e837c7a896dc94b15b7639ed92d5a71594ebe27376e4603475a3
Static task: static1
Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-en-20211208
Malware Config
Extracted
asyncrat
0.5.7B
Default
exportmunic007.duckdns.org:6606
exportmunic007.duckdns.org:7707
exportmunic007.duckdns.org:8808
AsyncMutex_6SI8OkPnk
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
-
-
Target
invoice.exe
-
Async RAT payload
-
Suspicious use of SetThreadContext
-