General
Target: 5d1cb8ef0509dc00fb09516e19457658a5b731061808bb09205c7e17ec96f2cf
Size: 336KB
Sample: 220521-pk8yxsfed5
MD5: 8b9d1958765f8f734f17f8668b4b7291
SHA1: 4432bec1a7cfa5b0c987888f5c3c1adae6514a3a
SHA256: 5d1cb8ef0509dc00fb09516e19457658a5b731061808bb09205c7e17ec96f2cf
SHA512: a323cca21e79fb647f6f22db97cf86bd089350c68227cdc03738709d3b07ad5848b77958fb00d53a0089beffe595a0955020d0803745288e1d6c39508ac39a0e
Static task: static1
Behavioral task: behavioral1
  Sample: DETALLE DE PAGO CONFIRMACION Y SOPORTE pdf img-75849859485948594308594308.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DETALLE DE PAGO CONFIRMACION Y SOPORTE pdf img-75849859485948594308594308.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet ID: Default
C2: gfsgvbxcv.duckdns.org:8057
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: DETALLE DE PAGO CONFIRMACION Y SOPORTE pdf img-75849859485948594308594308.exe
(Spanish payment-themed lure name, "payment detail, confirmation and receipt"; the "pdf img-…" wording disguises an .exe as a document or image.)
Size: 1.1MB
MD5: cb261cc178d2739834dca967f0f190b7
SHA1: ac6d43500739a513a302b7bb4703f42369bbfca9
SHA256: 54d46ffbefae7f6025765c0c274f7f87714e5467da8926967efb01025693bb8e
SHA512: 7fcf93c3f4f0219420c1304127d3036c05ed16c49fe66a24ad48eea2ec5bb7047a7beabe864908603822a86c5186e9d1b8a06546c11e75fc6c4ced57ea7af01d
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Async RAT payload
- Suspicious use of SetThreadContext
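As an added example (not part of the sandbox report and not the sample's own code), the Python below turns the extracted AsyncRAT config and the flagged Winlogon behaviour into hunting rules and runs them over constructed JSON-lines telemetry. The C2 host, port, mutex and config flags are the report's; the event format, the rule names, the 203.0.113.7 address, the update.exe path and the specific Winlogon value shown being written are assumptions made for illustration, since the report flags a Winlogon modification without naming the value.

```python
import json

# Values copied from the "Malware Config" section of the report above.
ASYNCRAT_CONFIG = {
    "version": "0.5.7B",
    "hosts": ["gfsgvbxcv.duckdns.org"],
    "ports": [8057],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}

# Clean-install defaults for the Winlogon values malware commonly appends to.
# The report flags "Modifies WinLogon for persistence" without naming the value,
# so this check is generic rather than tied to a specific observed write.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}


def indicators(cfg):
    """Reduce the config to the fields usable as host/network IOCs."""
    return {
        "domains": {h.lower() for h in cfg["hosts"]},
        "ports": set(cfg["ports"]),
        "mutex": cfg["mutex"],
    }


def winlogon_tampered(key, value, data):
    """True if a known Winlogon value holds anything other than its default."""
    if key.lower() != WINLOGON_KEY.lower():
        return False
    default = WINLOGON_DEFAULTS.get(value)
    return default is not None and data.strip().lower() != default.lower()


def match_event(ev, ioc):
    """Return the names of the rules a single JSON event triggers."""
    rules = []
    t = ev.get("type")
    if t == "dns" and ev.get("query", "").lower() in ioc["domains"]:
        rules.append("asyncrat_c2_domain")
    # A DuckDNS name can resolve anywhere, so the port alone is a weak signal
    # and gets its own lower-confidence rule instead of being folded into the above.
    if t == "net" and ev.get("dport") in ioc["ports"]:
        rules.append("asyncrat_c2_port")
    if t == "mutex" and ev.get("name") == ioc["mutex"]:
        rules.append("asyncrat_mutex")
    if t == "reg" and winlogon_tampered(ev.get("key", ""), ev.get("value", ""), ev.get("data", "")):
        rules.append("winlogon_persistence")
    return rules


def hunt(lines, cfg=ASYNCRAT_CONFIG):
    """Run every rule over JSON-lines telemetry; returns [(rule, event), ...]."""
    ioc = indicators(cfg)
    hits = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule in match_event(ev, ioc):
            hits.append((rule, ev))
    return hits


# Constructed telemetry (not from the sandbox run): three events matching the
# config, a benign DNS lookup, a benign Winlogon value at its default, and a
# hypothetical Userinit append of the kind a Winlogon persistence write produces.
SAMPLE_EVENTS = r"""
{"type": "dns", "query": "gfsgvbxcv.duckdns.org"}
{"type": "net", "dst": "203.0.113.7", "dport": 8057}
{"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"}
{"type": "dns", "query": "www.example.com"}
{"type": "reg", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "value": "Shell", "data": "explorer.exe"}
{"type": "reg", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", "value": "Userinit", "data": "C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\AppData\\Roaming\\update.exe"}
"""

if __name__ == "__main__":
    for rule, ev in hunt(SAMPLE_EVENTS):
        print(f"{rule:22s} {ev}")
```

Two points worth noting when adapting this: the extracted config has install set to false, so the Winlogon change the sandbox flagged is not explained by the install_folder setting, and the rule therefore compares Userinit and Shell against clean-install defaults rather than looking for one path; and the C2 is a dynamic-DNS name, so hunt on the hostname in DNS telemetry rather than on whatever IP it resolved to during the sandbox run.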