General

  • Target

    H7LMDfMh.exe

  • Size

    45KB

  • MD5

    fb1a0e0ced17a1a7764980f3b26850bb

  • SHA1

    1a48d9a0f538098833cdf083fa48fd93d1970db8

  • SHA256

    708ba499db884070420f378523658870927c31654d03d24cdac303b5d60b0ac4

  • SHA512

    bf619f1051575de76cacd0fd0fe6d1f4d7695d78fbcb1761752eb2b92f848ce2510df9edc53ff809264a4458161bba773603ce51a19ea25264c2cc12bfa34d61

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

C2

  • 127.0.0.1:6606
  • 127.0.0.1:7707
  • 127.0.0.1:8808
  • 127.0.0.1:6821
  • 127.0.0.1:4444
  • fuckmyass.duckdns.org:6606
  • fuckmyass.duckdns.org:7707
  • fuckmyass.duckdns.org:8808
  • fuckmyass.duckdns.org:6821
  • fuckmyass.duckdns.org:4444

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • aes_key

    hIhssGeSiauRtuRmn6lgYTmqQAU1ORW4

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    127.0.0.1,fuckmyass.duckdns.org

  • hwid

    3

  • install_file

  • install_folder

    %AppData%

  • mutex

    AsyncMutex_6SI8OkPnk

  • pastebin_config

    null

  • port

    6606,7707,8808,6821,4444

  • version

    0.5.7B

aes.plain

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family

Files

  • H7LMDfMh.exe
    .exe windows x86