General
-
Target
PO87875620 2022 DEC.exe
-
Size
242KB
-
Sample
221206-j55t4sch2z
-
MD5
d32481e5d392f9346f8b857be5e2a60a
-
SHA1
a336a84416d6829cba05001248685c97d8344571
-
SHA256
035c9b74eb554db2c071ab90d77d252027c36ba3995597fb61f81ef0f72c911e
-
SHA512
efa974e573e4215f6395ed99a2cb223c6ff6fb7f037fd050a12920806a54ee8a3ac6b3b5d08b2649b62159cc7951424284e88c8429a2de65257939480eec3a0b
-
SSDEEP
6144:N9jJoVYlB0QZroh5jleTF64opuhFgA/Kl6GP4x6OoKeaz:BcYhZrEjleTF64AuhFV/Kby6Yz
Static task
static1
Behavioral task
behavioral1
Sample
PO87875620 2022 DEC.exe
Resource
win7-20220812-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
chexfotii.ddns.net:4545
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
PO87875620 2022 DEC.exe
-
Async RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-