General
Target: Payment Confirmation Copy.exe
Size: 565KB
Sample: 220629-xmgapadgg9
MD5: 4e64f89d91a60220d759b92fb251fb86
SHA1: b60d7ca6732723189624a3a4712796f1698f82c9
SHA256: 166841dc3992fa90af30558c68eb9176e7d653fc1f98078e4583e68e2c167dc0
SHA512: e390b04bfa0512c14ee8f79ba6facf50a5ae7205c70d0d7b590e1382586e2c8a7f0015c12004bcc06ff82e9531cc33946fe39637a7774020d85ad99d852eaa49
Static task: static1
Behavioral task: behavioral1
Sample: Payment Confirmation Copy.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 62.197.136.146:6606
C2: 62.197.136.146:7707
C2: 62.197.136.146:8808
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Note: with install set to false the client's own install routine (copy to install_folder plus persistence) is disabled, so %AppData% is not expected to be used by this build; the three C2 entries are the same host on three ports, which the client rotates between when a connection fails.
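The configuration above is directly usable as detection content. The following is an added example, not code from this report or from any sandbox vendor: it turns the extracted values into indicators (C2 endpoints, C2 host regardless of port, mutex name, known sample hashes) and runs them over a handful of constructed log lines in a hypothetical key="value" event format. The log lines, the event names (NetworkConnect, CreateMutex, FileHash) and the field names are assumptions chosen for the example, not a real product's schema.

```python
"""Indicators derived from the extracted AsyncRAT config on this page,
matched against constructed log lines.  Added example; log format is invented."""
import hashlib
import re

# Values copied from the extracted config and the General section of the report.
ASYNCRAT_CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "botnet": "Default",
    "c2": ["62.197.136.146:6606", "62.197.136.146:7707", "62.197.136.146:8808"],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}
SAMPLE_HASHES = {
    "md5": "4e64f89d91a60220d759b92fb251fb86",
    "sha1": "b60d7ca6732723189624a3a4712796f1698f82c9",
    "sha256": "166841dc3992fa90af30558c68eb9176e7d653fc1f98078e4583e68e2c167dc0",
}

# Constructed sample events (hypothetical key="value" format, not real telemetry).
LOG_LINES = [
    'event="NetworkConnect" image="C:\\Users\\victim\\Downloads\\Payment Confirmation Copy.exe" dst="62.197.136.146" dport="6606"',
    'event="NetworkConnect" image="C:\\Windows\\System32\\svchost.exe" dst="62.197.136.146" dport="443"',
    'event="CreateMutex" image="C:\\Users\\victim\\Downloads\\Payment Confirmation Copy.exe" name="AsyncMutex_6SI8OkPnk"',
    'event="NetworkConnect" image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" dst="93.184.216.34" dport="443"',
    'event="FileHash" image="C:\\Users\\victim\\Downloads\\Payment Confirmation Copy.exe" sha256="166841dc3992fa90af30558c68eb9176e7d653fc1f98078e4583e68e2c167dc0"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse the hypothetical key="value" event format into a dict."""
    return dict(KV_RE.findall(line))


def c2_endpoints(config):
    """Split 'host:port' entries into (host, port) tuples."""
    out = []
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        out.append((host, int(port)))
    return out


def digests(data: bytes):
    """MD5/SHA1/SHA256 of an in-memory buffer, keyed like SAMPLE_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def digests_of_file(path, chunk=1 << 20):
    """Same digests for a file on disk, streamed so large binaries do not load whole."""
    hashers = {algo: hashlib.new(algo) for algo in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def is_known_sample(d, hashes=SAMPLE_HASHES):
    """True if any digest in d equals one of the report's hashes."""
    return any(d.get(algo, "").lower() == value for algo, value in hashes.items())


def match_log_line(line, config=ASYNCRAT_CONFIG, hashes=SAMPLE_HASHES):
    """Return the indicator names hit by one event line (empty list if clean)."""
    f = parse_line(line)
    hits = []
    endpoints = c2_endpoints(config)
    hosts = {host for host, _ in endpoints}
    if f.get("event") == "NetworkConnect":
        dst, dport = f.get("dst"), f.get("dport", "")
        if dport.isdigit() and (dst, int(dport)) in endpoints:
            hits.append("c2_endpoint")
        elif dst in hosts:
            # Same server on a port not in the config: still worth a look.
            hits.append("c2_host_only")
    if f.get("event") == "CreateMutex" and f.get("name") == config["mutex"]:
        hits.append("mutex")
    if is_known_sample(f, hashes):
        hits.append("known_sample_hash")
    return hits


def scan(lines, config=ASYNCRAT_CONFIG, hashes=SAMPLE_HASHES):
    """Run match_log_line over every line; keep only lines with at least one hit."""
    results = []
    for i, line in enumerate(lines):
        hits = match_log_line(line, config, hashes)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in scan(LOG_LINES):
        print(f"line {idx}: {', '.join(hits)}")
```

The mutex name is the most stable of these indicators for this build, since AsyncRAT's mutex is fixed per configuration while the C2 host can be changed without rebuilding the client; the host-only match on line 1 exists because the same server answering on another port is still the same infrastructure.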
Targets
Target: Payment Confirmation Copy.exe
Size: 565KB
MD5, SHA1, SHA256, SHA512: as listed under General
Signatures
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Deletes itself
Suspicious use of SetThreadContext (an API commonly used for process hollowing and remote thread injection; the final payload is likely running in a different process than the dropped executable)