General
-
Target
REMIITANCE FOR ORDER.PDF.exe
-
Size
464KB
-
Sample
240126-nxbzaacgh7
-
MD5
2879fdc1610f2dbd53042f8ce17cb2e3
-
SHA1
49e9c2591e40654c24e33ca581673d8ce9d316aa
-
SHA256
055df72340a95664035986e6d027055304abed82949af74bb5e230c841a8f8f5
-
SHA512
33275894a3864fdddcd217296d423642eadc637feda10478d3d33fe96ceaa7a9b53d70047207070026cbd403f4c296add6b61dbf36de05835178c80492d4b3ef
-
SSDEEP
6144:DLlHQGlvj00IX3O5fWAMl3A4aHuEzudl8PlslnHxpP6egHA7cH0bqjnJEeriH+fr:DLlHQGlvU0U3YCNxqhJn9riHzGBXcG7
Static task
static1
Behavioral task
behavioral1
Sample
REMIITANCE FOR ORDER.PDF.exe
Resource
win7-20231215-en
Malware Config
Extracted
asyncrat
0.5.7B
Default
fresh01.ddns.net:2256
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
true
-
install_file
Logs.exe
-
install_folder
%AppData%
Targets
-
-
Target
REMIITANCE FOR ORDER.PDF.exe
-
Size
464KB
-
MD5
2879fdc1610f2dbd53042f8ce17cb2e3
-
SHA1
49e9c2591e40654c24e33ca581673d8ce9d316aa
-
SHA256
055df72340a95664035986e6d027055304abed82949af74bb5e230c841a8f8f5
-
SHA512
33275894a3864fdddcd217296d423642eadc637feda10478d3d33fe96ceaa7a9b53d70047207070026cbd403f4c296add6b61dbf36de05835178c80492d4b3ef
-
SSDEEP
6144:DLlHQGlvj00IX3O5fWAMl3A4aHuEzudl8PlslnHxpP6egHA7cH0bqjnJEeriH+fr:DLlHQGlvU0U3YCNxqhJn9riHzGBXcG7
-
Async RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-