General
- Target: 5af88b2d9a192241b2b0e52aed733bdeb190a4af07eacc6940520f7441c04953
- Size: 58KB
- Sample: 220521-plcl4sfee3
- MD5: 34917314f6eed1ac3c5156f3bad50b70
- SHA1: bb74a3244aec643be2e9e88c09c074f6ec198222
- SHA256: 5af88b2d9a192241b2b0e52aed733bdeb190a4af07eacc6940520f7441c04953
- SHA512: 3ba80f6d199071cac9b4285c886b9fd868a5496dcf900a83579b8d9595b52fd6a54512ef3bcc0327c9628012a62d6d9bf7a941028523b8c10a63dee658d09ed9
Static task: static1
Behavioral task: behavioral1
- Sample: MAJDALANI INOX S.A Pedido 050820.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: MAJDALANI INOX S.A Pedido 050820.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
GOD'S MERCY
AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
- pastebin_config: https://pastebin.com/raw/reQxa5Ah
Targets
- Target: MAJDALANI INOX S.A Pedido 050820.exe
- Size: 211KB
- MD5: d5fde7482c0a5271e68c211f9e75e7b6
- SHA1: c0f734e5c0dcf8fc8527dc4c96bd7bdeb96a245b
- SHA256: af9b543c27aeb1cb25c7ced83b727b29ab7dc4a91e28b5693d52f810aedab2f6
- SHA512: ab65a13b031632be848f1676dc6459223c8be4caa34b39343fe1f1eb37c65612359b3bd2ca174df5dae519a68b75463be95b2ea8f27bb340b943c13042872d38
- Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Async RAT payload
- Drops startup file
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext