General
-
Target
Kleinschmidt GmbH Invoices - Payment Receipt.7z
-
Size
417KB
-
Sample
220928-k7wvnafea5
-
MD5
507e78b17aa6cf7bd88beb426cffc904
-
SHA1
bc1da2bd3fafc8a54ac3624659f7454938d3a24f
-
SHA256
2894d07aa782dcb0bc5c542447e2aba9d86c0c98fff54a91d19f1444abf95b6f
-
SHA512
7e103932c3ab7d5dab97e967cc0487d5f19ab081737ed363dd1c45bc21566ca231a2a3a311b858bc198bc7790d399ebfbbb6042bbfee3a63b407719e398772b5
-
SSDEEP
6144:XmzztTzLflX14oT61JDv2za7id35dNLCFz7z/77k09x2RgyY3/+dqfNAZWssSau:XQLtFY1JD7m3flCdzXV90YP6Q3u
Static task
static1
Behavioral task
behavioral1
Sample
Kleinschmidt GmbH Invoices - Payment Receipt.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
127.0.0.1:6305
209.127.186.218:6305
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_file
MicroSoft-win.exe
-
install_folder
%AppData%
Targets
-
Target
Kleinschmidt GmbH Invoices - Payment Receipt.exe
-
Size
796KB
-
MD5
3d2af31c95b477dc90f42b825ad7c126
-
SHA1
9064ca55686edead9351d49c911c184caa236ae7
-
SHA256
1fec1e11e26b8d1de831b50ff0163dfca3a751e3bb28ea372b54a7c9cc19cff6
-
SHA512
8da1a7c125eee396cbc7e5a386503ce60c6ef2f187e0d158ab7491e60b90913df452fce94190821c1b41c819963879869756f6cbfe35c44e60efe71dafe1805d
-
SSDEEP
6144:Gk4I1/j6U/sWc918LevX14oT61JDC2ya7/yo5tNLCFC7z/7tkW/x2RDXY3/+75f0:0UuscX8LqFY1JD/moblCAz5V/qYPe
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-