General
Target: AS-0987654567890-09654.pif.exe
Size: 152KB
Sample: 221205-p872jaff21
MD5: ba88096aed1d0887ac87096eb02f31d7
SHA1: 653ec005de1c9eaa01d0caf97fd4a4c568263df1
SHA256: c65474ab1e1cf358b34fb782e40b9208d967624bb63d4f58a749d7b27c0aee71
SHA512: 73323ddb58b6aed0b8a171a2e1aeb10c6e8dcf12cd8bf2240d7e64ec70898cba340016e4659ab3fea909bbddbb3404e0af70396fe8b98ed10b388706b2d6c285
SSDEEP: 3072:QEhKzShSycSMPJk+V42ma+9zxIT+DPjMBBYECSF:QBn1PJkS42mBITe+US
Static task: static1
Behavioral task: behavioral1
Sample: AS-0987654567890-09654.pif.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: AS-0987654567890-09654.pif.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
45.137.22.111:8787
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: AS-0987654567890-09654.pif.exe
Size: 152KB
Score: 10/10
Async RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext