General
-
Target
any.zip
-
Size
14.7MB
-
Sample
230207-xjdqdsge21
-
MD5
5b57e1c9621e1c5f836e88ccceccd22b
-
SHA1
5d9aade1d2c8da47e5b039b1278f76ac21932e87
-
SHA256
b2af74309e1f34870ebf08ac035a7007ff3c240ea1b954f5b6ebcde5a9819bce
-
SHA512
60e4f1e7588d6f39e8aa2c9c7e971ba5192c4f9b81aedc1fae68c6085b7a8dc9cdd7c2d4e152ecaf35df2ab03e046d59e597095cc92e5a061730ee2ee4aebf65
-
SSDEEP
393216:G/qQXGtPvpMzs1XIPyDG0HTH09Gbtj1wzE:GNIJiMY6qMr9YE
Static task
static1
Behavioral task
behavioral1
Sample
any.zip
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
any.zip
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
AnyDesk.msi
Resource
win7-20221111-en
Malware Config
Extracted
asyncrat
1.0.7
Default
escolavolutaria.fun:8848
SvchostMutex_qwqdanchun
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
any.zip
-
Size
14.7MB
Score 1/10
-
-
Target
AnyDesk.msi
-
Size
286.7MB
-
MD5
93fc51f8dfb1e314039e0ce00498aca3
-
SHA1
64976e74b236fa54b7ba817d59b469699f8db0aa
-
SHA256
b03dd8181e69b3ee51ab7ad42244746e5333b26c34e56465d82ba1fa96ccaf99
-
SHA512
14335e49bbd131a518b9c6c73f04c7e06a33a5f18edb9ca5333fc84054b67214a82458ca0823df7da99b4a4e4c85124b2b2bdf6c4cd00cec822c188d3ab461db
-
SSDEEP
393216:qElr5pBY5mmG72friwCZHgQR6/Seu5Ll:XR4VK2DiwAgQo/SegL
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-