General
Target: 7867c54c88c7ff0ae6687c0f6ab6c903e1b42ac9aaa17744c85da6f9a824d5f9
Size: 165KB
Sample: 220520-29gl7agdh3
MD5: aeaa127b1568b9a60c166f4822091a66
SHA1: dad5ba684612abbae87ab124a85b2334a21df8af
SHA256: 7867c54c88c7ff0ae6687c0f6ab6c903e1b42ac9aaa17744c85da6f9a824d5f9
SHA512: 600f583e5a22cd1f2c6c11101b7f036aeba4aa5fc682af84d9d206c8edcc13ae8e6ea0e0953c4e67560004774ca1f1cb66561fdcf7b026653963eda0644158b2
Static task
static1
Behavioral task
behavioral1
Sample: Summer_richiesta_di_preventivo_070820.exe
Resource: win7-20220414-en
Behavioral task
behavioral2
Sample: Summer_richiesta_di_preventivo_070820.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: GOD'S MERCY
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/reQxa5Ah
Note: with install set to false the sample is not configured to copy itself into install_folder for persistence. Because pastebin_config is set, the C2 host and port are fetched at runtime from that pastebin raw URL rather than being embedded in the extracted configuration, so the live C2 address is not present in this static config and the paste content can change after analysis.
Targets
Target: Summer_richiesta_di_preventivo_070820.exe
Size: 248KB
MD5: 5cc4ae3ea66ca80fa701b8e1ff5b8793
SHA1: 148d80f999f069a5fd027eabfc9eae7d08f8e39b
SHA256: 427254247932e569d3f40be5ce149266b0a87ed13756ab558818dae5dcabb44a
SHA512: 18416940b4983137e22cc52a473cd73217307981b0ce7705180e5cd5c3e60ba8b17d2fddf1f0547668c6b1c385e6e01ad6bfc1fd4836dd41e2941b21bd2a7706
Score: 10/10
Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample may refuse to run, or behave differently, in sandboxes whose locale does not match the intended target region).
- Legitimate hosting services abused for malware hosting/C2 (pastebin.com, see pastebin_config above).
- Suspicious use of SetThreadContext (commonly used to redirect execution into an injected or hollowed process).