General
Target: hsbc bank confirmation slip copy 309289281 pd.exe
Size: 240KB
Sample: 230223-nyb1nshe9x
MD5: 0c7f4ddbd03632a937be894a7db41bab
SHA1: b2f22fbcff5dc566ae3091c6e92bba6c5274a286
SHA256: 78e9ff46f25960c5d0d0d7e20a2418fb724f2979c45c69b7a9272b79f2d6fa19
SHA512: 80025a889f022f839296ac6a8396406efe2f08b17651c900dd1ff7cd2252d233ce9f80f7c50746c6be59fad5ace70e7d7a8b4f2d7085f023388109db1234980c
SSDEEP: 6144:wUXmIvLG8jD9Zbss0kG9gTJuy0O12udoEUAZn4:wUXmIv68bXJuwldE
Static task: static1
Behavioral task: behavioral1
  Sample: hsbc bank confirmation slip copy 309289281 pd.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: hsbc bank confirmation slip copy 309289281 pd.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: asyncrat
Version: 0.5.7B
Config name: Default
C2: 127.0.0.1:5992
C2: 109.206.240.5:5992
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_file: Microsoft-R.exe
install_folder: %AppData%

Notes on the extracted values: the 127.0.0.1:5992 entry is a loopback placeholder left in by the builder and is not a usable network indicator; only 109.206.240.5:5992 is a real C2 endpoint. With install set to false, AsyncRAT skips its own install routine (copy to install_folder\install_file, then scheduled task or Run key), so the Microsoft-R.exe path is the location the RAT would have used rather than one this configuration writes to. Any Run-key persistence observed for this sample therefore comes from a component other than the RAT's built-in installer.
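To turn the extracted configuration into something usable for hunting, the following added example (not part of the sandbox report or of AsyncRAT itself) normalises the config into indicators and matches them against Sysmon-style endpoint events. The loopback C2 entry is filtered out rather than alerted on, the install path is derived from the %AppData% folder using an assumed default Windows profile layout, and a hit on that path is annotated with the fact that install is false. The telemetry events are constructed for the example, not taken from the report.

```python
import ipaddress
from typing import Dict, List, Tuple

# Config values copied from the "Malware Config" section of the report above.
ASYNCRAT_CONFIG = {
    "version": "0.5.7B",
    "hosts": ["127.0.0.1", "109.206.240.5"],
    "ports": [5992],
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_file": "Microsoft-R.exe",
    "install_folder": "%AppData%",
}

# Assumed mapping from the env-var folders offered by the AsyncRAT builder to the
# default Windows per-user path suffix (assumption; redirected profiles differ).
FOLDER_SUFFIX = {
    "%appdata%": r"\AppData\Roaming",
    "%temp%": r"\AppData\Local\Temp",
    "%localappdata%": r"\AppData\Local",
}


def routable_c2(cfg: Dict) -> List[Tuple[str, int]]:
    """Return the (host, port) pairs worth hunting for.

    Loopback, private, unspecified and link-local addresses are builder
    placeholders (127.0.0.1 in this sample) and are dropped so they never
    become network IOCs. Hostnames are kept as written.
    """
    pairs: List[Tuple[str, int]] = []
    for host in cfg["hosts"]:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            pairs.extend((host, p) for p in cfg["ports"])  # domain name
            continue
        if ip.is_loopback or ip.is_private or ip.is_unspecified or ip.is_link_local:
            continue
        pairs.extend((str(ip), p) for p in cfg["ports"])
    return pairs


def install_path_suffix(cfg: Dict) -> str:
    """Path suffix the RAT would copy itself to if install were true."""
    folder = cfg["install_folder"].lower()
    return FOLDER_SUFFIX.get(folder, cfg["install_folder"]) + "\\" + cfg["install_file"]


def match_events(cfg: Dict, events: List[Dict]) -> List[Tuple[int, str]]:
    """Match endpoint events against the config; returns (event index, reason)."""
    c2 = set(routable_c2(cfg))
    drop_suffix = install_path_suffix(cfg).lower()
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        kind = ev.get("type")
        if kind == "network" and (ev.get("dst_ip"), ev.get("dst_port")) in c2:
            hits.append((i, f"AsyncRAT C2 {ev['dst_ip']}:{ev['dst_port']}"))
        elif kind == "mutex" and ev.get("name") == cfg["mutex"]:
            hits.append((i, f"AsyncRAT mutex {cfg['mutex']}"))
        elif kind == "file" and ev.get("path", "").lower().endswith(drop_suffix):
            note = "" if cfg["install"] else " (install=false: not written by the RAT's own installer)"
            hits.append((i, f"AsyncRAT install path {ev['path']}{note}"))
    return hits


# Constructed sample telemetry (not from the report): one event per indicator
# type, plus a loopback connection and an off-port connection that must not match.
SAMPLE_EVENTS = [
    {"type": "network", "dst_ip": "127.0.0.1", "dst_port": 5992},
    {"type": "network", "dst_ip": "109.206.240.5", "dst_port": 5992},
    {"type": "network", "dst_ip": "109.206.240.5", "dst_port": 443},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\Microsoft-R.exe"},
]

if __name__ == "__main__":
    for idx, reason in match_events(ASYNCRAT_CONFIG, SAMPLE_EVENTS):
        print(idx, reason)
```

The mutex name is the most stable of the three indicators: it is fixed at build time, survives a change of C2 address, and is visible on the host before any network activity. The C2 address and port should be checked together, since 109.206.240.5 on another port is not evidence of this configuration.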
Targets
Target: hsbc bank confirmation slip copy 309289281 pd.exe
Score: 10/10
Signatures:
- Async RAT payload
- .NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Adds Run key to start application: persistence via a registry Run key; note that the extracted config has install set to false, so this does not come from AsyncRAT's own install routine.
- Suspicious use of SetThreadContext: the thread-context rewrite used to redirect execution in process hollowing and similar injection, consistent with a protected loader unpacking the RAT into another process.