General
- Target: BOLETA DE CITACION SEPTIEMBRE.exe
- Size: 1.8MB
- Sample: 220929-vbnjhscddp
- MD5: ff034e670af40d53470dc8f1536fd58e
- SHA1: cc48f6ec06ce2f4a5d11d4ba693413c807fb2c7d
- SHA256: e490c0eb6beec707ee6a46816aa7b765a98a5a637f66a854948270ed06b2332a
- SHA512: 4bb24683fb06a078ff448918f4e118015d88eb03e07ee4a66cf3200e15c5eb4888fd59349102932a3048eb24371bedd1909ef42aa9ac0d1a1b19d62eff24a5d3
- SSDEEP: 49152:pHIKvoo917KPKE7xPd9gAKl1mphxF1ZQik92/hRWGQX:tx92Kb5mzr1ljPWJX
Static task
- static1
Behavioral task
- behavioral1: Sample BOLETA DE CITACION SEPTIEMBRE.exe, Resource win7-20220901-en
Behavioral task
- behavioral2: Sample BOLETA DE CITACION SEPTIEMBRE.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: dfdagreyt.duckdns.org:8091
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: BOLETA DE CITACION SEPTIEMBRE.exe (1.8MB; hashes as listed under General)
Score: 10/10
Signatures
- Async RAT payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext