General

Target: IMG-2983562398092375826583295 CONFIRMACION EXITOSA DE CONSIGNACION A CUENTA DE AHORRO 8723456792385'2.exe
Size: 1.3MB
Sample: 221006-mey6eshag2
MD5: f466733baafecbcda0e3e270254b6a71
SHA1: 0126d0f915000c7870b2ef99a3956b469e5e332b
SHA256: 6313da98fb2cb9a244be2831c68da5301bfd60fbdd49293ca74e73d8885a2915
SHA512: 5a18e2fcd299b54fe5dd2a9eef0e35855a2b618c18351463f9037d0af901db2b82ae620df2d72f713521ed43965f03979e6235ae38985bebbfaa45773c676bbb
SSDEEP: 24576:actJecDFmLiYXccqM8oUS9Ms9l/dJjtPx:actJnDFPYXbqMUkMuLHP
Static task: static1

Behavioral task: behavioral1
Sample: IMG-2983562398092375826583295 CONFIRMACION EXITOSA DE CONSIGNACION A CUENTA DE AHORRO 8723456792385'2.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: IMG-2983562398092375826583295 CONFIRMACION EXITOSA DE CONSIGNACION A CUENTA DE AHORRO 8723456792385'2.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: pedroalcantaralora09.duckdns.org:1990
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets

Target: IMG-2983562398092375826583295 CONFIRMACION EXITOSA DE CONSIGNACION A CUENTA DE AHORRO 8723456792385'2.exe
Size: 1.3MB
MD5: f466733baafecbcda0e3e270254b6a71
SHA1: 0126d0f915000c7870b2ef99a3956b469e5e332b
SHA256: 6313da98fb2cb9a244be2831c68da5301bfd60fbdd49293ca74e73d8885a2915
SHA512: 5a18e2fcd299b54fe5dd2a9eef0e35855a2b618c18351463f9037d0af901db2b82ae620df2d72f713521ed43965f03979e6235ae38985bebbfaa45773c676bbb
SSDEEP: 24576:actJecDFmLiYXccqM8oUS9Ms9l/dJjtPx:actJnDFPYXbqMUkMuLHP
Score: 10/10

Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.
- Suspicious use of SetThreadContext