General
Target: 5c206519b44d99681aa637386f513175572ec510e83ef24590f5310fd41f373c
Size: 153KB
Sample: 231004-b7zf4sad28
MD5: e84a915d79c314913805b4e80ab9dce4
SHA1: d846882c900f3ca934a97f116bf8d722c1a97eaf
SHA256: 5c206519b44d99681aa637386f513175572ec510e83ef24590f5310fd41f373c
SHA512: ffa26cae3637f42b9520b128014bdc4cac1fe79d30f563e7f50ac675e3d46a3684e344a07eef0b423a454185a4146fdbc10041015a2324e9ad61fa31e92f90e3
SSDEEP: 3072:biCdyosa5JqQgCQBvB4dvAWgMK/pvELvFRaKjiPAw3srUY6uTT:biC8osTpfvBYIWgp/6bFAK3wcoY6KT

Static task
static1

Behavioral task
behavioral1
Sample: PROFORMA INVOICE.exe
Resource: win7-20230831-en

Behavioral task
behavioral2
Sample: PROFORMA INVOICE.exe
Resource: win10v2004-20230915-en

Malware Config
Extracted
asyncrat
Default
79.134.225.113:9346
KωUORNيקzXשuZ伊Ufo开MΖ
- delay: 1
- install: false
- install_folder: %AppData%

Targets
Target: PROFORMA INVOICE.exe
Size: 169KB
MD5: ea3090debf7241bf0c754c6e30c4a46c
SHA1: f238fbb8bfe0e8c417e9b7ba8e192cd9948c88d2
SHA256: 0f757aaa17a6d470967a7e011d6016985dafeaaf409d72a008f970e827894065
SHA512: 4f50447ae754e839d9ea8b013ee0a5fe51ce3996e1745c18fe87c70fad3bdab3d2cdf38e4e77d057671d8c470523c329758ee09cc3e55af9c2a1560d9ffd9a74
SSDEEP: 3072:hR+GZNq7KCQBvB4jvA6gMqEqF2A0K0jyzWiPAwHsrUYMP4qY:h3e+fvBMI6gTTF2A07jy+wMoYJq
- StormKitty payload
- Async RAT payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext