General
Target: 5639a8c405d3ef3c0d64057e755a3a324ea6aed05909f09697dd60cf98e447b4
Size: 290KB
Sample: 220701-r47w3sacd7
MD5: d97c46af73791e0be121e02c4ad22a8d
SHA1: d5f48d38149c9292d9ffdf795125bd8dc69ade17
SHA256: 5639a8c405d3ef3c0d64057e755a3a324ea6aed05909f09697dd60cf98e447b4
SHA512: cad3dc978fab00c0c1113386c996748b2b72470edd1b570be53566aefab644fe017da34df8fccd83613dbd8dcfd4a57603b3e666dd3632c3180b3e943762f1eb
Static task: static1
Behavioral task: behavioral1
Sample: Tax Invoice.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Tax Invoice.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
asyncrat
0.5.6A
soft.tjsosda.com:1989
sure.spdns.de:1989
hurricane.rapiddns.ru:1989
admin2214
delay: 5
install: false
install_folder: %AppData%
Targets
Target: Tax Invoice.exe
Size: 239KB
MD5: f3e095480b743b91e227a56dc90f961f
SHA1: c173a87c984a20bf5e3751351e144a62de4ae269
SHA256: 762c259cf0068e583cc70d8839c65bb87401de2f926f8306c66d83e7d7cfda8e
SHA512: d7fb57e80d720221aeb1674d7aa967e3c87b334f13c76c26e81d22cc0877d4921deffe37670093de83ebcbf488cdf654eadd12ce9cbd97517068621ec3a15de0
Score: 10/10
Async RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext