General
Target: Quotation Request#3000060021.exe
Size: 527KB
Sample: 220630-ta2jbaccgq
MD5: 21609ba452113bcb4e1054138c533576
SHA1: e7e59d79f9f0c911b82219808cdd07b0c6ed1d20
SHA256: 73dd28b5d2f8c9bf0cd6a3b14b660429ea13146457d1307fb9d8b2eccdb1c589
SHA512: c42aba886f32344df73024c6e824431d0e467e63eb324107cd50f2e9eec4965dfd13ca061e26d1c5f7fd2359643a293f1def287180db87668a4da9a4446df703
Static task: static1
Behavioral task: behavioral1
Sample: Quotation Request#3000060021.exe
Resource: win7-20220414-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 62.197.136.146:5672
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: Quotation Request#3000060021.exe (same file and hashes as listed under General)
- suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext