General
Target: be799d1aa2ce0dc36ed20414f0b76fa1d95eafa07a3254297f9fe40b933fd250
Size: 417KB
Sample: 220521-pf2n2sadhk
MD5: 5a03ab236c468b04b8308ffc34e466df
SHA1: 0eb08eb057050c788ba818f1d82ff40363e0c4c5
SHA256: be799d1aa2ce0dc36ed20414f0b76fa1d95eafa07a3254297f9fe40b933fd250
SHA512: 510c7c2d3ea8e5f691e965ceebb373aa9ae16c4a5ffa840cf5c1f7c0ae3aaf88b33ba0ad84c12f24f4707c9f14ca66cd517214037704a172d8bd8001f76b2fca

Static task
static1

Behavioral task
behavioral1
Sample: New Order Enquiry And Procurement Datasheet For Ohmex Intl Distribution_pdf.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: New Order Enquiry And Procurement Datasheet For Ohmex Intl Distribution_pdf.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted family: asyncrat
Version: 0.5.7A
Botnet: Default
C2: 185.165.153.43:5007
Mutex: hjuy
delay: 1
install: false
install_file: asyn.exe
install_folder: %AppData%

Targets
Target: New Order Enquiry And Procurement Datasheet For Ohmex Intl Distribution_pdf.exe
Size: 1.7MB
MD5: e6eb6c896e56f05f71fc7d71d7e41d0b
SHA1: dd55c14d8f71d0e48c2bfdaf6071d41e0494b7e8
SHA256: c73c50acb6e2081a736fcc05f6d4b330ed4ddb1b0be58a30aef1590dd921e7a9
SHA512: df4e7f16b63cd7e758cbca87642539262ed3fecd78e41c5a22047ee76df998143ed0030addf7df068ba0270a8a87e9edaabb2c5e4eda5e30d7ee161ffbbf3822
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext