General
Target: 1b3565be9ec87bcb828af01ba25e9ff6
Size: 942KB
Sample: 220704-h2watsfbfn
MD5: 1b3565be9ec87bcb828af01ba25e9ff6
SHA1: 5d3a19c3834594a8e231ae9b5fb1a50245380ab9
SHA256: 590d68d18c4f1e312d351cfce5f9e0ffb1dfd16e80b5979f19155c7f2f843648
SHA512: 68c6a970481608c57c2273c2ba313967328955dc6580446c60c96c658af9b96ad8d9333d23627e21565e5c618c68da9fe32dd2d3744175c724d5b5752a08930d
Static task: static1
Behavioral task: behavioral1
Sample: Re Order 4500324718-CIMELECT.jar
Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
franmhort.duia.ro:8153
Mutex_6SI8OkPnk
delay: 3
install: true
install_file: win.exe
install_folder: %AppData%
Targets
Target: Re Order 4500324718-CIMELECT.jar
Size: 694KB
MD5: 7c5d4887188330ff9c6eb853f2e58847
SHA1: 91fdfe9ee9bc580ec2440f7485f71e3d34d4c883
SHA256: ead8106d04189a9765d0e125d5d504e30c2c1bc3223a8d9d3ee897af82846b96
SHA512: 7b907daaf146bbc06657d33f7a7b5e0254615c080de46ebabb16fea282b0cea67dcb164c0a42a489fbcd7ca70624aef19d58ddc2ae36571867225f936c01f12f
Async RAT payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Drops file in System32 directory