General
-
Target
e5e7b198022979048735000654f0eefd356fbe2e4a084d2e5c38860c0452b4d4
-
Size
372KB
-
Sample
220521-xkfldabhf2
-
MD5
a0536882a96887d395f764ca79afff69
-
SHA1
c6512c136aec27bac81c42ee41c470f78858852b
-
SHA256
e5e7b198022979048735000654f0eefd356fbe2e4a084d2e5c38860c0452b4d4
-
SHA512
dcaeb879cf2ed0d464e5ab5b45c49ec9113deb8c766599c13a12213b500fb906b711db9f9e5953998c5bf945c73a37530a680bca3da6a2d2a73e009b97837d62
Static task
static1
Behavioral task
behavioral1
Sample
Purchase__Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Purchase__Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
SLAVES MONDAY
194.5.98.81:3434
AsyncMutex_6363f86fs6fw6f
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Purchase__Order.exe
-
Size
535KB
-
MD5
a08f53208b0832720dc057d5b2d17e97
-
SHA1
fe2ef8a2d445b410fa67a681285a3eab290ad295
-
SHA256
ab8633debd051d65dde309e985c402d59ec5615a030c17714389c6f3e9ab3899
-
SHA512
b349117988ebb5f4f6963697cb00c1a02f18f5b5d288ba84d8429e7cb63ca145ee157d0b6c40728da2dda59611c240884c76e01252aff368fca30ceb5455f6c2
Score 10/10
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-