General
-
Target
NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe
-
Size
1022KB
-
Sample
221011-r1plbsadgn
-
MD5
bb240dcac9cb0b5082636d9d98f79459
-
SHA1
2965a18059dc4f5f69d9e48023637ea6984ac595
-
SHA256
aae20c0fbcbb6a459929a9ebf3a27bb72064df5123db3d8a78b4087c0a0648fc
-
SHA512
daa42a06b4cbece9e56590f5b0b47f15fd1518ca44b08e1783fcec5d9ae112ba076e1bad6ee3be199577abc77fd3ac263c1e3327a99a471644b1b44b9403b2e0
-
SSDEEP
24576:+RUr+UZtr4OVMbDmWZyycNj5bj6vpFAtQy4A:BXt9IiykMvpIX
Static task
static1
Behavioral task
behavioral1
Sample
NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
BOYS
asyncat.duckdns.org:6565
AsyncMutex_6SI8OkPnk
-
delay
5
-
install
true
-
install_file
APE.exe
-
install_folder
%AppData%
Targets
-
-
Target
NEW PURCHASE ORDER EXP0028433 SCAN DOC.exe
-
Async RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-