General
-
Target
FACURA PENDIENTE.exe
-
Size
310KB
-
Sample
221129-3vjnnsdc3y
-
MD5
a6c57b4233f83a6c0520774b51f6ee2a
-
SHA1
2978d695644ed629ae927ea3644f701f7c44f282
-
SHA256
8c07c75832300423a6c95e75e776b7ce9de117201bd218d59cc73dc780319649
-
SHA512
aa0e9af462565b4ff2688cffada4321527a06db182b1f6b90d1e88ac4e21891f6fdcc76da8ba16f50784997d54382a229dcb5b2ba28bfd3cc497146339691c51
-
SSDEEP
6144:0C8TB5f88m6yVaPuEuubHszgySrtdPNwvwmjyF8CyalOh:biMSyVaPuUbH6gySrtXwoWyF5dlw
Static task
static1
Behavioral task
behavioral1
Sample
FACURA PENDIENTE.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
FACURA PENDIENTE.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
asyncrat
1.0.7
Default
fghnmvhdf.duckdns.org:8026
DcRatMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
FACURA PENDIENTE.exe
-
Size
310KB
-
MD5
a6c57b4233f83a6c0520774b51f6ee2a
-
SHA1
2978d695644ed629ae927ea3644f701f7c44f282
-
SHA256
8c07c75832300423a6c95e75e776b7ce9de117201bd218d59cc73dc780319649
-
SHA512
aa0e9af462565b4ff2688cffada4321527a06db182b1f6b90d1e88ac4e21891f6fdcc76da8ba16f50784997d54382a229dcb5b2ba28bfd3cc497146339691c51
-
SSDEEP
6144:0C8TB5f88m6yVaPuEuubHszgySrtdPNwvwmjyF8CyalOh:biMSyVaPuUbH6gySrtXwoWyF5dlw
Score10/10-
Async RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-