General
Target: Invoice due.one.exe
Size: 153KB
Sample: 230209-sc1t5agf3s
MD5: 6de66d63e7e9a414313c0237cbe97e78
SHA1: 464b5449e668281565e3378c72063431be99c15f
SHA256: c4faab169180f07a3621c37d42aa79d04825b2a2ecc2ba01b3db7d1a8950c8b6
SHA512: cc2ecad9bcee75e79c812564afadee4bfe3445b72818d13ff92b732326e222699b3d803728742a0ddc64adc7405eae3d365abb6371f62a921589ab82075930c0
SSDEEP: 3072:f0FHdppuOf+wMSHjnywM0vY9t8Qkh+n8KMmkYX3HB8ox1wm/:cFPMOf+wMAywM0EJksnJvNHh8Sn/
Static task: static1
Behavioral task behavioral1: sample Invoice due.one.exe, resource win10-20220812-en
Behavioral task behavioral2: sample Invoice due.one.exe, resource win7-20221111-en
Behavioral task behavioral3: sample Invoice due.one.exe, resource win10v2004-20220901-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2 (host:port):
mulla1.mywire.org:6606
mulla1.mywire.org:7707
mulla1.mywire.org:8808
mulla2022.hopto.org:6606
mulla2022.hopto.org:7707
mulla2022.hopto.org:8808
mulla2.mywire.org:6606
mulla2.mywire.org:7707
mulla2.mywire.org:8808
Attributes:
delay: 3 (seconds the client sleeps before starting)
install: false (the client is configured not to copy itself into install_folder or set up its own persistence)
install_folder: %AppData%
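An added example, not part of the original report or of the sandbox's own tooling, that turns the hashes listed under General and the C2 list from the extracted config into a small IOC matcher. It splits each C2 entry into host and port, then walks constructed DNS and connection log lines and flags a client that resolves a C2 host and afterwards connects to one of the configured ports (a bare port match on 6606/7707/8808 would be too noisy on its own). The log lines, their field names, and the helper names `parse_c2`, `find_c2_activity` and `matching_hash` are constructed for illustration.

```python
"""IOC matcher built from the AsyncRAT config and hashes on this report page.

Added example; the log lines below are constructed, not taken from the sandbox.
"""
import hashlib
import re
from collections import defaultdict

# C2 endpoints exactly as listed in the extracted asyncrat config (host:port).
C2_ENDPOINTS = [
    "mulla1.mywire.org:6606", "mulla1.mywire.org:7707", "mulla1.mywire.org:8808",
    "mulla2022.hopto.org:6606", "mulla2022.hopto.org:7707", "mulla2022.hopto.org:8808",
    "mulla2.mywire.org:6606", "mulla2.mywire.org:7707", "mulla2.mywire.org:8808",
]

# File hashes of the sample as listed under General (lower-case hex).
SAMPLE_HASHES = {
    "md5": "6de66d63e7e9a414313c0237cbe97e78",
    "sha1": "464b5449e668281565e3378c72063431be99c15f",
    "sha256": "c4faab169180f07a3621c37d42aa79d04825b2a2ecc2ba01b3db7d1a8950c8b6",
}

# Constructed log lines: DNS resolver events and firewall/netflow connection events.
SAMPLE_LOGS = [
    "2023-02-09T14:01:02Z DNS client=10.0.0.12 query=mulla1.mywire.org type=A",
    "2023-02-09T14:01:03Z CONN src=10.0.0.12 dst=203.0.113.45 dport=7707 proto=tcp",
    "2023-02-09T14:05:10Z DNS client=10.0.0.20 query=www.example.com type=A",
    "2023-02-09T14:05:11Z CONN src=10.0.0.20 dst=198.51.100.7 dport=443 proto=tcp",
    "2023-02-09T14:09:00Z DNS client=10.0.0.31 query=MULLA2022.hopto.org type=A",
    "2023-02-09T14:09:01Z CONN src=10.0.0.31 dst=203.0.113.99 dport=8808 proto=tcp",
    # Resolves a C2 host but connects on a port the config does not use.
    "2023-02-09T14:12:00Z DNS client=10.0.0.40 query=mulla2.mywire.org type=A",
    "2023-02-09T14:12:01Z CONN src=10.0.0.40 dst=203.0.113.5 dport=443 proto=tcp",
]

DNS_RE = re.compile(r"client=(?P<client>\S+) query=(?P<name>\S+)")
CONN_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_c2(entries):
    """Map each C2 hostname (lower-cased) to the set of ports configured for it."""
    hosts = defaultdict(set)
    for entry in entries:
        host, _, port = entry.rpartition(":")
        hosts[host.lower()].add(int(port))
    return dict(hosts)


def find_c2_activity(log_lines, endpoints=C2_ENDPOINTS):
    """Return IOC events found in the log lines.

    A 'resolved' event records a client looking up a C2 hostname; a 'connected'
    event records that client later connecting to a port from the C2 config.
    """
    c2_hosts = parse_c2(endpoints)
    last_resolved = {}  # client ip -> most recent C2 hostname it looked up
    events = []
    for line in log_lines:
        if " DNS " in line:
            m = DNS_RE.search(line)
            if not m:
                continue
            name = m.group("name").lower().rstrip(".")
            if name in c2_hosts:
                last_resolved[m.group("client")] = name
                events.append({"kind": "resolved", "client": m.group("client"), "host": name})
        elif " CONN " in line:
            m = CONN_RE.search(line)
            if not m:
                continue
            src, dport = m.group("src"), int(m.group("dport"))
            host = last_resolved.get(src)
            if host and dport in c2_hosts[host]:
                events.append({"kind": "connected", "client": src, "host": host,
                               "dst": m.group("dst"), "dport": dport})
    return events


def matching_hash(data, hashes=SAMPLE_HASHES):
    """Return the name of the first listed digest that matches `data`, else None."""
    for algo, expected in hashes.items():
        if hashlib.new(algo, data).hexdigest() == expected.lower():
            return algo
    return None


if __name__ == "__main__":
    for event in find_c2_activity(SAMPLE_LOGS):
        print(event)
```

The pairing of a resolution with a later connection from the same client is what keeps the port list usable: 6606/7707/8808 are AsyncRAT defaults, but on their own they will match unrelated traffic. The hash check only confirms an identical file; a repacked build of the same client will not match any of the digests, which is why the C2 hosts are the more durable indicator here.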
Targets
Target: Invoice due.one.exe, 153KB (same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
Async RAT payload
Modifies Installed Components in the registry
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of SetThreadContext (an API commonly used to redirect a thread into injected code, as in process hollowing)