General
-
Target
Invoice 89273.one_1.extracted
-
Size
259B
-
Sample
230309-zhvnmaab92
-
MD5
4841795be621a596c8bc6b453f68c8a3
-
SHA1
f29d16a0c12d6f1b82ab4a740c6e51ea81069187
-
SHA256
d4ea99586214e4594e043eb09c402f1a446633de599db3cd7a0ee04b9de9b5e4
-
SHA512
5e26de16189115302d53bba6716944086d2374bae33751fdc7b61a76b0583b5f949bec956f15ec1c092b6d94ce6b30f44405e9a2ff2c307893b1a25d6f8da0e2
Static task
static1
Behavioral task
behavioral1
Sample
Invoice 89273.one_1.js
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Invoice 89273.one_1.js
Resource
win10-20230220-en
Behavioral task
behavioral3
Sample
Invoice 89273.one_1.js
Resource
win10v2004-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
209.145.56.157:6606
209.145.56.157:7707
209.145.56.157:8808
MUSIC
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Invoice 89273.one_1.extracted
-
Async RAT payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-