General
Target: confirmation-swift-payment.js
Size: 1.5MB
Sample: 230508-kd7p3ahf92
MD5: 9431e2a625b43dcbdde6c9f7669c653c
SHA1: 982c4e8dac9603148295e7a18532b668255f9ca1
SHA256: 1139866f47d640744a522f86679627e568b52197f58b6484355b6c4544a6da22
SHA512: 27954e4a559bfceb63776f2ad2557af26fcb12418614ed77d9889c0328d8f1aaf3e3157380d97c7b6484edb9a83daf04734593880dea257f05f14ac7d105ae9b
SSDEEP: 24576:QRGa/yfp2xvks0uzuM6auN58aNRHINcemsHtE/+sSs955FBgnGAcbvMvfklxepUL:48pafKMz4RHoceXG/+sSs/Bgnw1
Static task: static1
Behavioral task: behavioral1
Sample: confirmation-swift-payment.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: confirmation-swift-payment.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2: 37.120.210.219:48408
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: confirmation-swift-payment.js
Size: 1.5MB
MD5: 9431e2a625b43dcbdde6c9f7669c653c
SHA1: 982c4e8dac9603148295e7a18532b668255f9ca1
SHA256: 1139866f47d640744a522f86679627e568b52197f58b6484355b6c4544a6da22
SHA512: 27954e4a559bfceb63776f2ad2557af26fcb12418614ed77d9889c0328d8f1aaf3e3157380d97c7b6484edb9a83daf04734593880dea257f05f14ac7d105ae9b
SSDEEP: 24576:QRGa/yfp2xvks0uzuM6auN58aNRHINcemsHtE/+sSs955FBgnGAcbvMvfklxepUL:48pafKMz4RHoceXG/+sSs/Bgnw1
Score: 10/10
- Async RAT payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext