General
Target: 6c7051d2b3a809e748a98a87a0a75270000a94bb0adc035965516c1573c49671
Size: 157KB
Sample: 220521-xla3aafccq
MD5: 3e4e5c3de3b524ab2b2bdc0d5e6b2b63
SHA1: 680d68b7b7695d637a7071e592eefd4dc0d93f45
SHA256: 6c7051d2b3a809e748a98a87a0a75270000a94bb0adc035965516c1573c49671
SHA512: f09d675e65c34f6016fbe4094555b0db1c6543271451d7be816547b378f3a88e20dd8cc679927d76ac108ce53c757ad4cb53cbf20bdef7df2e3d785473f03ba1
Static task: static1
Behavioral task: behavioral1
  Sample: AWB#5305323204669,pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: AWB#5305323204669,pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
AWKASUNDAYNIGHT
chizzy25@!7^UPC
delay: 3
install: false
install_folder: %AppData%
pastebin_config: https://pastebin.com/raw/HKYwiN9V
Targets
Target: AWB#5305323204669,pdf.exe
Size: 233KB
MD5: dab03f72d77a672205cc10130d2654c6
SHA1: 83241c5520fdfc26aa7fe4d282f7e7de9018616b
SHA256: 79125331a3e97dca7542b0f146bcb41429eebf7b790014317463c9239601421a
SHA512: 1fad7ea231e95080ceef91d02d972db60a8d9096a7d6b3c7d50243b62eb7b07999d1af919787c11f9d3bae8d0fe257e4b97b6fada39e0cf436ef6d00423b5262
Score: 10/10
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds its payload as a Bitmap object; the bitmap's bytes are decrypted at runtime to recover the final executable.
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Legitimate hosting services abused for malware hosting/C2
The pastebin_config URL in the extracted configuration: AsyncRAT reads its C2 host and port from that raw Pastebin page when the option is set.
Suspicious use of SetThreadContext
Typically used to redirect a suspended thread into injected code (process hollowing), which is how the unpacked Async RAT payload is commonly run.
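The CoreEntity signature above says the payload is stored as a Bitmap object and decrypted later, but the report does not say how. The following is an added example, not CoreEntity's code and not from the report, of the generic unpacking step an analyst performs once the bitmap has been dumped from the .NET resources: parse an uncompressed BMP, recover the pixel bytes in logical order (undoing the bottom-up row order and the 4-byte row padding the BMP format imposes), and carve a PE from the result. The decryption layer is left out because the report gives no details of it; the BMP fixture, the FAKE_PE payload and all function names are constructed for this example.

```python
import struct

# Constructed stand-in for the hidden payload: a DOS header whose e_lfanew
# (offset 0x3C) points at a "PE\0\0" signature at 0x40. Not a real executable.
FAKE_PE = (
    b"MZ" + b"\x90" * (0x3C - 2)
    + struct.pack("<I", 0x40)
    + b"PE\x00\x00"
    + b"constructed fake PE body"
)


def build_bmp_with_payload(payload: bytes, width: int = 5, bpp: int = 24) -> bytes:
    """Test fixture only: write `payload` into the pixel data of an uncompressed BMP,
    mimicking the generic "blob hidden in a Bitmap" trick. Rows are stored bottom-up
    and padded to a 4-byte boundary, as the BMP format requires, so the extractor
    below has to undo both."""
    used = width * bpp // 8                      # payload bytes carried per row
    stride = (used + 3) & ~3                     # on-disk row size, 4-byte aligned
    height = -(-len(payload) // used)            # ceiling division
    padded = payload.ljust(height * used, b"\x00")
    rows = [padded[r * used:(r + 1) * used].ljust(stride, b"\x00") for r in range(height)]
    pixels = b"".join(reversed(rows))            # bottom row is written first
    off = 14 + 40                                # file header + BITMAPINFOHEADER
    file_hdr = struct.pack("<2sIHHI", b"BM", off + len(pixels), 0, 0, off)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


def extract_pixel_bytes(bmp: bytes) -> bytes:
    """Return the raw pixel bytes of an uncompressed BMP in top-to-bottom order
    with the per-row alignment padding removed."""
    magic, _size, _r1, _r2, off = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    _hdr, width, height, _planes, bpp, comp = struct.unpack_from("<IiiHHI", bmp, 14)
    if comp != 0:
        raise ValueError("compressed BMP not supported")
    used = width * bpp // 8
    stride = (used + 3) & ~3
    top_down = height < 0                        # negative height = rows stored top-down
    height = abs(height)
    rows = [bmp[off + r * stride: off + r * stride + used] for r in range(height)]
    if not top_down:
        rows.reverse()                           # undo the bottom-up storage order
    return b"".join(rows)


def carve_pe(blob: bytes):
    """Find a PE image in `blob`: an 'MZ' whose e_lfanew points at 'PE\\0\\0'.
    Returns the offset of the DOS header, or None if there is no valid one."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            sig = pos + e_lfanew
            if blob[sig:sig + 4] == b"PE\x00\x00":
                return pos
        pos = blob.find(b"MZ", pos + 1)
    return None


if __name__ == "__main__":
    bmp = build_bmp_with_payload(FAKE_PE)
    pixels = extract_pixel_bytes(bmp)
    print("PE header found at pixel-data offset:", carve_pe(pixels))
```

If the resource is serialized as PNG rather than BMP (common for images embedded through .resx), load it with Pillow and pass `img.tobytes()` to carve_pe instead of parsing the file by hand. Real packers usually apply an XOR or AES step between extraction and the executable; run carve_pe on the output of that step, not on the raw pixel bytes, and treat a miss as a sign the transform has not been undone yet.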