General
-
Target
905d2b5bc1104f9105d00772f45d9a01ed4884a231e9feda48535510c7efbde1
-
Size
508KB
-
Sample
220221-m6hyhsaghq
-
MD5
14f149071cc5908b01fbb0d7afb9d2ba
-
SHA1
446d7b34fe9c650c76131570b236e5f4ca3db663
-
SHA256
905d2b5bc1104f9105d00772f45d9a01ed4884a231e9feda48535510c7efbde1
-
SHA512
234e4dc1fca5bf5887bcb0edcc576151e01d1975194a1e990592c7cde2eda88ceef81347a9bd08c18950dd83d0a040b6ebafb98fd8e3bd45a144856bb794e122
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE_PAYMENT.exe
Resource
win7-en-20211208
Malware Config
Extracted
asyncrat
0.5.6D
NEWYEAR
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
79.134.225.34:6606
79.134.225.34:7707
79.134.225.34:8808
yvlmeiqesk
-
anti_vm
false
-
bsod
false
-
delay
10
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
Target
INVOICE_PAYMENT.exe
-
Size
825KB
-
MD5
d05c3e50c2fe19f0c73104fcdcc69b10
-
SHA1
76d9509cfc31cc5dccf2dab9566a9145be2554bd
-
SHA256
71279240d14f290a3b81f4a9a660c5cdb37d52c7c65c60f1fa035d5b05745537
-
SHA512
7434d374919b6ad96cead1ae18d982bab0293be08dfd1eb6b37d5e1b3788424e14ccd0b0400fa1da5f8675453fdd2baadc7e5b560bf8a015ace75c59d6110516
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Async RAT payload
-
Suspicious use of SetThreadContext