General
Target: 96ed613ad847a5a835426e8d4da7aa674f504435c953c0414af100a870b2773a
Size: 179KB
Sample: 220521-phrlvsfda8
MD5: ab55effc282008837ac08a3665c2200d
SHA1: 9fe95ea62f8cbb42a64518efbbdc65969201193c
SHA256: 96ed613ad847a5a835426e8d4da7aa674f504435c953c0414af100a870b2773a
SHA512: 12dd16e0fcb2b9fee5b4d2dd0be990aa8960796b4d3e1e621d93cc9b7b385b801c1b3b655c790f04435374c6ed3f35322cc0e50e5f9d6157cd8fa2799bf87ff3
Static task: static1
Behavioral task: behavioral1
Sample: PO1807200020_XLS.scr
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: PO1807200020_XLS.scr
Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.6A
5
62.102.148.158:62727
82.102.28.107:62727
xfndfpqfqzwft
delay: 0
install: false
install_folder: %AppData%
Targets
Target: PO1807200020_XLS.scr
Size: 271KB
MD5: 981ee0bdf8ccd8ecaba13eefa6c58fb9
SHA1: a70e9310bf6bd033710321e1dfe77d3377237c36
SHA256: b05af3b65673a21e658075117c050ce9ebdf47634b64e354a6abf241fc8e8a9e
SHA512: ec52f6bd62bbf21de8be391cd2a16ffee274ed5462d5bf23c15d7eea0f535f5741389a15fed9e0ac1feb3c317120a02afd8527ce5493591c54edd4340654686d
Score: 10/10
Async RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext