General
Target: ORDER-MTC04RFQGENZAK1220637501220524622023.ex.exe
Size: 970KB
Sample: 230306-pq2rssbf61
MD5: b1537fae210eb7c2f8a87515c7e8e1db
SHA1: 7180070c495e46021224f05ef236c28f3a45a2b6
SHA256: ca0b1b8a0b420154b135f21acdc3612ad594ab31a56f0216979017514443c428
SHA512: 177b26201d2dd71cbd36c27d8f42c94da91ad35fe7304c83a9c811574ed66fe25cbbe3d51d87a5b3f119077da0767e21774f1521bbe582d5f4face5841368eef
SSDEEP: 24576:H1Qwe3cOQ5dKZzx+OebLOtavdOni2P+03bur:HBTgZzXeetav/e+Kbu
Static task: static1
Behavioral task: behavioral1
Sample: ORDER-MTC04RFQGENZAK1220637501220524622023.ex.exe
Resource: win7-20230220-en
Malware Config
Extracted: asyncrat 0.5.7B
Config name: Default
C2 endpoints:
milanooffice.hopto.org:6606
milanooffice.hopto.org:7707
milanooffice.hopto.org:8808
milanooffice.hopto.org:4040
milanooffice.hopto.org:5058
milanooffice.hopto.org:80
51.68.180.4:6606
51.68.180.4:7707
51.68.180.4:8808
51.68.180.4:4040
51.68.180.4:5058
51.68.180.4:80
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: true
install_file: adobe.exe
install_folder: %AppData%
Targets
Target: ORDER-MTC04RFQGENZAK1220637501220524622023.ex.exe
Signatures:
- Async RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext