General
Target: 74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8
Size: 207KB
Sample: 220521-xjtfvabhb9
MD5: 55b4d3a324972f2aca755a6d6c181212
SHA1: 213045b32c0817eb6a6f91635dc632bb25c0d048
SHA256: 74a3205e3a8f881af4b7b48d71854b2484eb9d3ea631e24b45c2c36278c187b8
SHA512: 195e86fa179d304ff6a7e0c380b6b893264c8b64e309f896e5900958278fd16ad75d3d1519c646d77225b2dd8ee0148e4e30c4cf8fc576591e0d09662efa9f09
Static task: static1
Behavioral task: behavioral1
Sample: Doc#66202009475352576530141.pdf.exe
Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
TOGETHER
chizzy25@/@!7^UPCAZ
delay: 3
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/HKYwiN9V
Targets
Target: Doc#66202009475352576530141.pdf.exe
Size: 414KB
MD5: b54eea6b86a4ea7a743e1db549ea54f9
SHA1: 2291b8a0e39ca979d0373f98fd2ba8e86105da65
SHA256: 9ff9a09c4e1ff0b737d630660b25335cded1fbe365628b5d6e59211e7d8ff53c
SHA512: d5a477a98e5d8939fbcd97d05585fcc6a8f6f8d5e9eb95bf1d220d2ff7fb89d34c8aa83b2708d54ce1b861feab79b39d7ad6ce25557a4e5c50df5173cac33e64
Async RAT payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext