General
-
Target
IMG-06-03-2023 SOPORTE DE PAGO.exe
-
Size
1004KB
-
Sample
230306-vmy5dsch5t
-
MD5
78b82769e33e8b7fbe522a5f91aec971
-
SHA1
342f969990164f29724d9649c5d6828589679df5
-
SHA256
f21171b0e5d65b883415f0d998bd7f6be2ba09017ade19e1def13b6816168798
-
SHA512
8f0903cf10f27a835a885beb6da5dc04438b001e53c1c2035a83188ce074715b877c5493bc2334e3d76be24d037a9900fa1a174b10fffd8d5ce2641a9bb592f5
-
SSDEEP
12288:l6HhNEz9y3joQ+Bv+sZDmcGJefWytVjec9JX37o78J0AZOODDsL:l6EwTHXe9dfZhC
Static task
static1
Behavioral task
behavioral1
Sample
IMG-06-03-2023 SOPORTE DE PAGO.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
IMG-06-03-2023 SOPORTE DE PAGO.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
-
Family
asyncrat
-
Version
0.5.7B
-
Botnet
Default
-
C2
gsfdsfhghsff.duckdns.org:8020
-
Mutex
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Note: install is false, so the AsyncRAT client's own copy-and-persist routine is disabled in this build; the Run key recorded in the behavioural tasks below is therefore written by something other than that routine, and the config alone does not describe the persistence you will find on an infected host.
Targets
-
Target
IMG-06-03-2023 SOPORTE DE PAGO.exe (size and hashes as listed under General above)
-
Score
10/10
AsyncRAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual way to redirect a suspended thread into injected code (process hollowing and similar injection techniques), which is why it is flagged here.
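Operationalising this report, as an added example that is not part of the sandbox output: the Python below takes the extracted C2, mutex and SHA256 from the Malware Config and General sections, plus the Run key behaviour listed under Targets, and matches them against Sysmon-style endpoint events. The event records are constructed; the field names (Hashes, QueryName, TargetObject, DestinationHostname, MutexName), the MutexCreate event type, and the comma-separated multi-host form accepted by parse_c2 are assumptions about your log source, since the report shows a single C2 entry.

```python
"""Hunt for the AsyncRAT sample from this report in endpoint telemetry.

Added example, not part of the sandbox report. IOC values are copied from the
report above; the Sysmon-style event records below are constructed, and their
field names are an assumption about the log source.
"""
import re

# Indicators taken from the report above.
SAMPLE_SHA256 = "f21171b0e5d65b883415f0d998bd7f6be2ba09017ade19e1def13b6816168798"
CONFIG = {
    "family": "asyncrat",
    "version": "0.5.7B",
    "c2": "gsfdsfhghsff.duckdns.org:8020",
    "mutex": "AsyncMutex_6SI8OkPnk",
    "delay": 3,
    "install": False,
    "install_folder": "%AppData%",
}

# Persistence location reported under "Adds Run key to start application".
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)


def parse_c2(c2):
    """Split 'host:port[,host:port...]' into a set of (host, port) tuples.
    The comma-separated multi-host form is an assumption; this report has one entry."""
    endpoints = set()
    for entry in c2.split(","):
        host, sep, port = entry.strip().rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        endpoints.add((host.lower(), int(port)))
    return endpoints


def hunt(events, config=CONFIG, sha256=SAMPLE_SHA256):
    """Return (event_index, indicator) pairs for every event that matches an IOC."""
    c2 = parse_c2(config["c2"])
    c2_hosts = {host for host, _ in c2}
    hits = []
    for i, ev in enumerate(events):
        kind = ev.get("EventType")
        if kind == "ProcessCreate":
            # Sysmon's Hashes field looks like "MD5=...,SHA256=..."
            algos = dict(p.split("=", 1) for p in ev.get("Hashes", "").split(",") if "=" in p)
            if algos.get("SHA256", "").lower() == sha256:
                hits.append((i, "sample_hash"))
        elif kind == "DnsQuery":
            if ev.get("QueryName", "").lower() in c2_hosts:
                hits.append((i, "c2_dns"))
        elif kind == "NetworkConnect":
            dest = (ev.get("DestinationHostname", "").lower(), int(ev.get("DestinationPort", 0)))
            if dest in c2:
                hits.append((i, "c2_connect"))
        elif kind == "RegistryValueSet":
            # Reported behaviour even though the config has install=false.
            if RUN_KEY.search(ev.get("TargetObject", "")):
                hits.append((i, "run_key"))
        elif kind == "MutexCreate":  # assumed event type from an EDR or sandbox
            if ev.get("MutexName") == config["mutex"]:
                hits.append((i, "mutex"))
    return hits


def verdict(hits):
    """Two or more distinct indicator types on one host is treated as a confirmed infection."""
    kinds = {name for _, name in hits}
    if len(kinds) >= 2:
        return "infected"
    return "suspicious" if kinds else "clean"


# Constructed telemetry for one run of the sample (not real logs).
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate",
     "Image": "C:\\Users\\u\\Downloads\\IMG-06-03-2023 SOPORTE DE PAGO.exe",
     "Hashes": "MD5=78B82769E33E8B7FBE522A5F91AEC971,"
               "SHA256=F21171B0E5D65B883415F0D998BD7F6BE2BA09017ADE19E1DEF13B6816168798"},
    {"EventType": "MutexCreate", "MutexName": "AsyncMutex_6SI8OkPnk"},
    {"EventType": "RegistryValueSet",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"EventType": "DnsQuery", "QueryName": "gsfdsfhghsff.duckdns.org"},
    {"EventType": "NetworkConnect", "DestinationHostname": "gsfdsfhghsff.duckdns.org",
     "DestinationPort": "8020"},
    {"EventType": "DnsQuery", "QueryName": "www.example.com"},  # benign noise
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for idx, name in found:
        print(f"event {idx}: {name}")
    print("verdict:", verdict(found))
```

The C2 is a DuckDNS hostname, so match on the name rather than a resolved address; the IP behind a dynamic DNS record can change between the sandbox run and your hunt.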