General
- Target: ORDINE.exe
- Size: 3.0MB
- Sample: 220805-pzmdgacgh7
- MD5: 30e619eed663b6696ba1269dec11e1a9
- SHA1: 04ad1454bb163c8e1c5820ba591ae613dd6f6d45
- SHA256: faaddcf1294c8358fc6ccc4c36ecdc9fccd03ac345b3d022db144798d611397d
- SHA512: 2c7ff7b8658137e4c1ce494b2944e41c51be8c5d163df07cc3b16736d3abf591ea530d2b4b5fca212fc96d72383a4e65bfe42491a938dc12b42e78b764439bb3
Static task: static1
Behavioral task: behavioral1
- Sample: ORDINE.exe
- Resource: win7-20220715-en
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- Botnet: Alibaba
- C2: 191.101.130.243:7707
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: ORDINE.exe
- Async RAT payload
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext