General

Target: IMF-2973567237527598275 DOCUMENTO DE TRANSFERENCIA EXITOSA N_2636573257822.bin
Size: 3.2MB
Sample: 220920-sah7asdea6
MD5: b06242e3ba2489807edbd4177c5e235d
SHA1: d6e9f249d3c82b3970c43923cfe92acfdbd99a3c
SHA256: 6dba2629115ecd8cdc8b39f42702bdd63eea1d0589d94096159c6f17988af179
SHA512: b301ac684f7df8888965fb34251ea857e2c4a47b9716d1fef6e40c0a03a324b3de25f3e6183b8ff61e1d1a70f0a22ed58c11224fbfa4442de457fe49e7001d38
SSDEEP: 98304:ywTPyIpbl4sarbtAQyCAtOSBrAV7STDPZkpr:qlDVGRGEpk
Static task: static1

Behavioral task: behavioral1
Sample: IMF-2973567237527598275 DOCUMENTO DE TRANSFERENCIA EXITOSA N_2636573257822.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: IMF-2973567237527598275 DOCUMENTO DE TRANSFERENCIA EXITOSA N_2636573257822.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: fernandoguerralora09.duckdns.org:1990
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: IMF-2973567237527598275 DOCUMENTO DE TRANSFERENCIA EXITOSA N_2636573257822.bin
Score: 10/10

Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext