General
Target: 97415cc05647c3eeb7aac99997a4e4eb64bd3a5b521beb70b1e72a9727d01365
Size: 45KB
Sample: 220521-phq1bsaegl
MD5: 12f60c4b1975f97e3b02c08c05d94e6c
SHA1: 71c857614d90466621ac2d2458f0cfccffbaf5bc
SHA256: 97415cc05647c3eeb7aac99997a4e4eb64bd3a5b521beb70b1e72a9727d01365
SHA512: dd09469cb306b58d3eccf705e2856d5d6f0f158b4487520dc3f45b74650f077b9dabe978bfb55b5a47e8f07259b8093eca39545d4859033cf6dc42ec85a9ab5e
Static task
static1

Behavioral task
behavioral1
Sample: TRANSFERENCIA DE PAGO A CUENTA BANCARIA DETALLE DE CONFIRMACION IMG-6743856748357485748.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: TRANSFERENCIA DE PAGO A CUENTA BANCARIA DETALLE DE CONFIRMACION IMG-6743856748357485748.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: ufyu78r8r7.duckdns.org:8057
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: TRANSFERENCIA DE PAGO A CUENTA BANCARIA DETALLE DE CONFIRMACION IMG-6743856748357485748.exe
Size: 72KB
MD5: 2be93df9a3c2e9b0809aa24f46d561f8
SHA1: 3c3716c0e5721d61afa4997764aa3eaa091505ef
SHA256: fbc9106506d47f39fddb3a48693e9b3eb80f400d6c273d1e08ecc7ef417f9352
SHA512: 92e38a52e72d7a69f6f6781b58423a38dc825dfe4ab5156d457897eb757e8a8888a2c3a1360a7ed3b000c9d96a825e2d7b7226c46b70a02bd4ca28ebd24ee78a
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext