General
Target: beeaf2d429366f0fc23e5934c3c27cbea8fd6deec0d9a88395baa807836d78bf
Size: 297KB
Sample: 220520-19zx4aehg9
MD5: 55a4a8bde8896304baddaf01b2cc4b63
SHA1: 5a181c4ed84929e17ce2db62f8e4ed3595d5155e
SHA256: beeaf2d429366f0fc23e5934c3c27cbea8fd6deec0d9a88395baa807836d78bf
SHA512: 8cbf51c6bf1f907891f0dcb9a3e1f101bd3483cc89cc64b644e743bf9c1bab8a5dfbb377562bdd990e7ca05cc7ac0aa2b47c335c1da5eba62a928d67591d6176
Static task: static1
Behavioral task: behavioral1
  Sample: 顧客訂單_081720.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 顧客訂單_081720.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: asyncrat
  0.5.7B
  GOD'S MERCY
  AsyncMutex_6SI8OkPnk
  delay: 3
  install: false
  install_folder: %AppData%
  pastebin_config: https://pastebin.com/raw/reQxa5Ah
Targets
Target: 顧客訂單_081720.exe
Size: 399KB
MD5: fca5062e93aad2523c6bb28f1147629d
SHA1: 9269d7bdd9332107c524ad9280dfb8cef0bcc6a2
SHA256: 9be04012b4927a7e93498068acaaac6e157192df66509a20079fa39084735247
SHA512: 9195d99b6d8c547920a13f7a483fa71706145f09f1aa7ea3c552e5d48ed9a824314ccaefa30b0a869bbc7a6c82483be350a8ca759ac3eeabe9026432c104ab45
Score: 10/10
Async RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext