General
Target: RFQ-PO#20222906.js
Size: 197KB
Sample: 220701-lv3ccaeac3
MD5: 558ced74df141e2e8f4a340edccd5e16
SHA1: 09e29290df81916a3621bcde3c467b1af2228a24
SHA256: b090d245e1cc85444c011b6b6c9c73dfa85f8e1ff5f3449d2e807552c7db6f7d
SHA512: 9ffc284caf3c745831b38445cfed7c664559bfb0f86348c844fc0ab4542180c7389efe61c3f0f9aeb7dbe398f7a8b147d9d0e69b3da3d9d080fea35458d4f3be
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ-PO#20222906.js
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RFQ-PO#20222906.js
  Resource: win10v2004-20220414-en
Malware Config
Extracted: asyncrat
0.5.7B
Default
franmhort.duia.ro:8153
Mutex_6SI8OkPnk
delay: 3
install: true
install_file: win.exe
install_folder: %AppData%
Targets
Target: RFQ-PO#20222906.js
Size: 197KB
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application