General
- Target: 9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a
- Size: 173KB
- Sample: 220521-xkyrysfcbj
- MD5: 8638c62d1217deb422a24e9e952bba02
- SHA1: cfc6ae58463e03da00c7d4c8fdeae33418381b16
- SHA256: 9e67211ceec280aedb01a69a61241af34c484be69c160313408309c56a59214a
- SHA512: 2787d3d26c0dbb15e5d8897b8c146d798caf30c0c15ca949fc218a4dd765571d80d1d7c4e2e3b25d664532d642ac262dca3d9817544e3207dabc582a626c9cb2
Static task: static1
Behavioral task: behavioral1
- Sample: New Purchase Order.exe
- Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
freshg.ddns.net:2256
AsyncMutex_6SI8OkPnk
- delay: 3
- install: true
- install_file: logs.exe
- install_folder: %AppData%
Targets
- Target: New Purchase Order.exe
- Size: 287KB
- MD5: 072c089d4dbca02a4ae028d984f4cc03
- SHA1: 3bd3b2dd8b8876c64bf528ee503c5ff2a893f897
- SHA256: 4c66ebb40e5abd92b6a6985e8409116c5424ebb9af0c320cbafb031698e5022c
- SHA512: 3f2988a4f256e1b4cb07af531798d7d3bd445f27a81aecf15f200cc8aa1c2fdaff591e9865965468d651a7d578808550dfba95d959d74eb7a1abd3c667af67ac
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext