General
Target: 8b81793a9208e59123733d44c31e992e32ebdd5d4700d05c14c4982395b44486
Size: 104KB
Sample: 220521-pjbl2aafan
MD5: dedeb7141baef5a9e50639cde06a30c2
SHA1: 773abd45701b6988aff29323362384097d5e7a1a
SHA256: 8b81793a9208e59123733d44c31e992e32ebdd5d4700d05c14c4982395b44486
SHA512: c399bc9b3a59883ebd8e9f9408a689ae0da24203333a04f31ab3d8c6c89120df26f2f59123068e59a42c61bc743214c05eec23ea5b93053faf0f7c8486915f3f

Static task: static1

Behavioral task: behavioral1
Sample: MAJDALANI INOX SA Pedido.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: MAJDALANI INOX SA Pedido.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
asyncrat
0.5.7B
GOD'S MERCY
AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/reQxa5Ah

Targets
Target: MAJDALANI INOX SA Pedido.exe
Size: 185KB
MD5: 4abe1482b72bc41218cfa12516674b21
SHA1: f3f228fe5c3bd9a903cfe891ea46ecfbe69de784
SHA256: ba1c5f36a287271ae64d7fb5e803ced708a75ac3398448f8c3000cf9f2897f86
SHA512: 256da1cb7be9e593325b23056c9fd10b6c274eb4e5d673186b97a92347b2b36c4c38e324c5e8d489e638b943a114e7f16cbfb7352b44eb6fdfc5cb037a081a2c
Score: 10/10
- Modifies WinLogon for persistence
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext