General
Target: CASH OFFER AND PROOF OF FUNDS.exe
Size: 78KB
Sample: 230503-nkc1tagd4t
MD5: 9a40168e711a0bd875ee4c912c0357a0
SHA1: 96505a9fd271da437eff5c191fbfbc3572e5bdb4
SHA256: be7c5be95e0d3f3c841b3dace8eb4c46acb9e42970324ee976a41ec210ae9f86
SHA512: ca35e6c155044aa35b4194605b7ca2341b0c15f9e37228d46a99198d08cb3442d9d6c2d51d6a2c60490b68a9d7752e96a6dc75e5c28981d682602af0f74b6f8d
SSDEEP: 1536:guvph1oILHFw7Dunm48VoDYednpbM/9oI6eYnw7TPxdF8o75F943hh:jvph1oILHOXut8O86S9oRe8wfxvXX4
Static task: static1
Behavioral task: behavioral1
Sample: CASH OFFER AND PROOF OF FUNDS.exe
Resource: win7-20230220-en
Malware Config
Extracted family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 191.101.130.28:8808
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
delay: 3 (seconds the client sleeps before it starts)
install: false (the client does not copy itself to install_folder or set up persistence)
install_folder: %AppData% (not used while install is false)
Targets
Target: CASH OFFER AND PROOF OF FUNDS.exe (78KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)

Signatures
Async RAT payload
The sample's code and the extracted configuration match the AsyncRAT family.
Downloads MZ/PE file
A Windows executable (MZ/PE header) was downloaded during the run.
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence that makes the payload run, or refuse to run, only in selected countries.
Executes dropped EXE
An executable written to disk during the run was then executed.
Suspicious use of SetThreadContext
Setting the thread context of another process's thread is the usual last step of process hollowing (a process started suspended, its image replaced, then resumed at the injected entry point); together with the dropped executable this is consistent with the AsyncRAT payload running inside a hollowed host process.
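The extracted configuration and the behavioural signatures above are the indicators a responder would sweep for. The Python below is an added example, not part of the sandbox report or of any vendor tooling: it takes the hashes, C2 endpoint and mutex from this report and scores constructed, Sysmon-like telemetry records per process, so that a single weak signal (the country-code lookup) stays low-scoring while a hash or mutex hit identifies the sample on its own. The telemetry records are invented for the example, and the registry key used for the "checks computer location settings" signature is an assumption (the report names the behaviour, not the key); the network rule treats the reported IP on a different port as a weaker indicator than the exact host:port pair.

```python
import hashlib

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "9a40168e711a0bd875ee4c912c0357a0",
    "sha1": "96505a9fd271da437eff5c191fbfbc3572e5bdb4",
    "sha256": "be7c5be95e0d3f3c841b3dace8eb4c46acb9e42970324ee976a41ec210ae9f86",
    "sha512": "ca35e6c155044aa35b4194605b7ca2341b0c15f9e37228d46a99198d08cb3442d9d6c2d51d6a2c60490b68a9d7752e96a6dc75e5c28981d682602af0f74b6f8d",
}
C2_HOST = "191.101.130.28"
C2_PORT = 8808
MUTEX = "AsyncMutex_6SI8OkPnk"
# Assumption (the report does not name the key): the country-code lookup reads
# the GeoID value that Windows keeps under this registry path.
GEO_NATION_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"

# Weight per indicator. A hash or mutex hit identifies the sample by itself;
# a lone country-code lookup is common in benign software and only counts
# in combination with something else.
WEIGHTS = {
    "known sample hash": 10,
    "AsyncRAT mutex": 10,
    "connection to reported C2 host:port": 8,
    "contact with C2 host on another port": 3,
    "country-code lookup (possible geofence)": 1,
}


def hashes_of(data: bytes) -> dict:
    """Digests of a file's bytes, keyed like IOC_HASHES, for comparison with the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matches_report(data: bytes) -> bool:
    """True when the given bytes are the sample this report describes."""
    return hashes_of(data)["sha256"] == IOC_HASHES["sha256"]


def classify(event: dict):
    """Map one telemetry record to an indicator name from WEIGHTS, or None."""
    kind = event.get("type")
    if kind == "process_create":
        seen = {k.lower(): v.lower() for k, v in event.get("hashes", {}).items()}
        if any(seen.get(alg) == val for alg, val in IOC_HASHES.items()):
            return "known sample hash"
    elif kind == "mutex_create":
        if event.get("name") == MUTEX:
            return "AsyncRAT mutex"
    elif kind == "network_connect":
        if event.get("dst_ip") == C2_HOST:
            if int(event.get("dst_port", 0)) == C2_PORT:
                return "connection to reported C2 host:port"
            return "contact with C2 host on another port"
    elif kind == "registry_query":
        if event.get("key", "").lower() == GEO_NATION_KEY.lower():
            return "country-code lookup (possible geofence)"
    return None


def triage(events) -> dict:
    """Score each process id by the distinct indicators it tripped.

    Returns {pid: {"score": int, "reasons": [indicator, ...]}}; processes
    with no indicator are left out, and a repeated indicator counts once.
    """
    result = {}
    for ev in events:
        reason = classify(ev)
        if reason is None:
            continue
        entry = result.setdefault(ev["pid"], {"score": 0, "reasons": []})
        if reason not in entry["reasons"]:
            entry["reasons"].append(reason)
            entry["score"] += WEIGHTS[reason]
    return result


# Constructed telemetry for the example (Sysmon-like shape, invented values).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4212,
     "image": r"C:\Users\user\Downloads\CASH OFFER AND PROOF OF FUNDS.exe",
     "hashes": {"SHA256": IOC_HASHES["sha256"].upper()}},
    {"type": "registry_query", "pid": 4212, "key": GEO_NATION_KEY},
    {"type": "mutex_create", "pid": 4212, "name": MUTEX},
    {"type": "network_connect", "pid": 4212, "dst_ip": C2_HOST, "dst_port": "8808"},
    {"type": "network_connect", "pid": 4212, "dst_ip": C2_HOST, "dst_port": 8808},  # repeat, counted once
    {"type": "network_connect", "pid": 880, "dst_ip": C2_HOST, "dst_port": 443},     # same host, other port
    {"type": "registry_query", "pid": 1337, "key": GEO_NATION_KEY},                   # lone lookup, low score
    {"type": "process_create", "pid": 2000, "image": r"C:\Windows\explorer.exe",
     "hashes": {"SHA256": "0" * 64}},                                                  # unrelated binary
]

if __name__ == "__main__":
    for pid, info in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, info["score"], ", ".join(info["reasons"]))
```

Run the file to print one line per process with its score and the indicators behind it; feed `triage()` real events by converting your log format into the same four record types, and use `matches_report()` to confirm a file you received really is this sample before acting on the report.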