General
  Target:  5c5c5bc4ca2e0155fd16336a31d07217e9e14e408ac20a08449b1695749c89c4
  Size:    1.2MB
  Sample:  220701-r9hjdahaar
  MD5:     72f6c1e85777bb08a7e7e894a30fef28
  SHA1:    6d2b269adb2b4ebc2d103db528187f2a69696ca8
  SHA256:  5c5c5bc4ca2e0155fd16336a31d07217e9e14e408ac20a08449b1695749c89c4
  SHA512:  07e0ad4294ef66fa8df9248b4e3ab6ef9bdc49658a29ad9cba80fdf3220410e1c50acfd078e8cf0054ac1d30ca1b74f4a22fa18b1f804d83b43459230dfb7617

Static task: static1

Behavioral task: behavioral1
  Sample:   PURCHASE.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample:   PURCHASE.exe
  Resource: win10v2004-20220414-en

Malware Config (extracted)
  Family:         asyncrat
  Version:        0.5.6B
  C2:             winx.xcapdatap.capetown:6204
  Mutex:          hmbjrgljbnj
  delay:          5
  install:        false
  install_folder: %AppData%

Targets
  Target:  PURCHASE.EXE
  Size:    201KB
  MD5:     aa52fd0aa99adfc2583c41bd67b51b7d
  SHA1:    661a6a80a85d7b0e18e143b6b4909d347d2d438d
  SHA256:  87f439c9aa08113e367a322741a35e2c656a88e9d85e9dacdaf5157ada76f205
  SHA512:  d24c1fa34934f989cc644b68522932380fa1957ff3213b1b352c6de9684453eceec0d5f6f1ef98321cf581659b80feb9755298761c32a07b4d8820aa19f78f3a
  - Async RAT payload
  - Drops startup file
  - Suspicious use of SetThreadContext