General
-
Target
Pago.pif.exe
-
Size
623KB
-
Sample
230330-qqnevacg94
-
MD5
652dd5b56989f5ef5cb33759bf1ccbd0
-
SHA1
c7ba417514e93c71af7298ab9ba0c004079961b7
-
SHA256
50780178c6e35fc1107aa6aacb09c6d1a46d2200f909a95836c88cb7c3651c0e
-
SHA512
985d14a3159a6cab09a6cbb3048a306ea905a2311dcc93a1dba43796690aae647e91939fbfb9a47c0584eba7f16ebab2c9bc54c3e597d8d9b3d5c1f2d9946d6d
-
SSDEEP
12288:NcrNS33L10QdrXjcDn/ecGKnIiAnoXxDR3KUKLpFQBr7JFWpzL:wNA3R5drXoD/pfAnoXpR7kpFQBvJyL
Static task
static1
Behavioral task
behavioral1
Sample
Pago.pif.exe
Resource
win7-20230220-en
Malware Config
Extracted
asyncrat
0.5.7B
Mnock
mooroopecamroy.sytes.net:1452
mooroopecamroy.sytes.net:1432
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
crssi.exe
-
install_folder
%AppData%
Targets
-
-
Target
Pago.pif.exe
-
Size
623KB
-
MD5
652dd5b56989f5ef5cb33759bf1ccbd0
-
SHA1
c7ba417514e93c71af7298ab9ba0c004079961b7
-
SHA256
50780178c6e35fc1107aa6aacb09c6d1a46d2200f909a95836c88cb7c3651c0e
-
SHA512
985d14a3159a6cab09a6cbb3048a306ea905a2311dcc93a1dba43796690aae647e91939fbfb9a47c0584eba7f16ebab2c9bc54c3e597d8d9b3d5c1f2d9946d6d
-
SSDEEP
12288:NcrNS33L10QdrXjcDn/ecGKnIiAnoXxDR3KUKLpFQBr7JFWpzL:wNA3R5drXoD/pfAnoXpR7kpFQBvJyL
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-