General
Target: d547b959923e2daa0c3699fe7c8f2983510de50f92db57357cb0322a6fcacbfd
Size: 202KB
Sample: 220521-chfhdaghgk
MD5: 0a9e7e6d8530fa31e14c49e8c6ae0ee6
SHA1: 926d40cac8921b99f4927eb54e387d78081970e3
SHA256: d547b959923e2daa0c3699fe7c8f2983510de50f92db57357cb0322a6fcacbfd
SHA512: 66f51ad28792cbf933d2de0618d31d8b297f2a56526452b6dd76eccf829159913252412071678c61cf77668f845f30efd663caa2e1588e2c59680a5103369bfc
Static task: static1
Behavioral task: behavioral1
Sample: Doc#6620200947535257653014.pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted:
  asyncrat
  0.5.7B
  TOGETHER
  chizzy25@/@!7^UPCAZ
delay: 3
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/HKYwiN9V
Targets
Target: Doc#6620200947535257653014.pdf.exe
Size: 612KB
MD5: 8b18e957f0dad8ca9bc4312ff8e0f37f
SHA1: 1e6871bb4412831e72b63612050317503850a810
SHA256: 28230658c4bfb33b798e88575098f0be6c2c6e8c20e07e920d4ea175e95f3c3a
SHA512: bce3a0efeca0c252623937d7de5a50486c96c98746fe2cc638efbc51b8ed5cb8166a000efc5a41df9c605ecb039c7894674e2cb87428fffc061758ae339013c7

Signatures:
  Async RAT payload
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Legitimate hosting services abused for malware hosting/C2
  Suspicious use of SetThreadContext