General
Target: corrected the terms of payment.js
Size: 226KB
Sample: 230201-kcemwsed51
MD5: 280e79b75c74e2449baf87a246927342
SHA1: 5b5376e5c25f25d65ba2717908ca0f559a0f0446
SHA256: 3033956fcd540bc6d9f64fe4bce35b626deb627f7cc8394c19d1e3c07485ef61
SHA512: a6eecca1695fd32ba91c58b028342d96731bb3e8f7641fba00cdceebdedd32e95555eda6cbc29711c5dcd437763129e080666bb037141356e162da5391a49061
SSDEEP: 6144:dKWuABY4W3vLv93KN4bwG0CehURoxNRHyM3:dKlIYu4UG7axWM3
Static task: static1
Behavioral task: behavioral1
  Sample: corrected the terms of payment.js
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: corrected the terms of payment.js
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 87.237.165.133:6161
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
  delay: 3
  install: false
  install_folder: %AppData%
Targets
Target: corrected the terms of payment.js
Score: 10/10
Signatures:
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext