General
-
Target
7f7e5dbb3a9a8eaf64415ff8ec0ae985fb8b9d3882693231dc016f263d83f4c0
-
Size
544KB
-
Sample
220521-pjmdjaafbp
-
MD5
3754efa33a1c67dea4497a2da1f6ca4a
-
SHA1
6a2aeb29f952eedc58428990983072266f3e860f
-
SHA256
7f7e5dbb3a9a8eaf64415ff8ec0ae985fb8b9d3882693231dc016f263d83f4c0
-
SHA512
b00c1bda2a2c613de403bbef4ee178482fa827d290ab4cdcd1bc50adf3be1654beaa6a448d410ea22f15e5d49bcfaea67a299845d5b0426d6d045ce4822172d6
Behavioral task
behavioral1
Sample
UD_PO_000681.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
UD_PO_000681.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
cbcc
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
billionaire.exe
-
install_folder
%AppData%
-
pastebin_config
https://pastebin.com/raw/8wApsDtD
Targets
-
-
Target
UD_PO_000681.exe
-
Size
483KB
-
MD5
24a8d8c071bbb496ba8e64e7817fd6c9
-
SHA1
f40194270a9475aeb044a062bd7ef9376d8ed857
-
SHA256
c890bc2e899bdb9c2a7cbe9ab52b852c5ea6832e44615f2afc66ab47925866d2
-
SHA512
c4dcbb0b0fdc7469c6e5abc038867f3c65e179a3692dc884d7713db20c2fdefb4f96d5369210aedf807008cbe3821b05fb2a162c45a603aa0c68d56962d4e9a0
Score10/10-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-