General
-
Target
d5f2b082e5032389bf6168f620820502.exe
-
Size
450KB
-
Sample
201020-z4xhn4efbj
-
MD5
d5f2b082e5032389bf6168f620820502
-
SHA1
0aadd90d8c1bf4bd57b34b0a6953740ea0875c02
-
SHA256
36827765c6b9ca4c6f26e04535b49f85c2b06e37c0efdb46e1bfe2339f3b48a4
-
SHA512
fd2e10798c7f08707eb8adaf5f8b0e0f3df9a599bc1cc25e94dd68da4e26c26621c884bca39ea827fc0672f31072646d4ab6ea24889179907a0cb42aa73fd3fe
Static task
static1
Behavioral task
behavioral1
Sample
d5f2b082e5032389bf6168f620820502.exe
Resource
win7
Behavioral task
behavioral2
Sample
d5f2b082e5032389bf6168f620820502.exe
Resource
win10
Malware Config
Extracted
asyncrat
0.5.7B
agentttt.ac.ug,agentpurple.ac.ug:6970
AsyncMutex_6SI8OkPnk
-
aes_key
16dw6EDbQkYZp5BTs7cmLUicVtOA4UQr
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
agentttt.ac.ug,agentpurple.ac.ug
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6970
-
version
0.5.7B
Targets
-
Target
d5f2b082e5032389bf6168f620820502.exe
-
Score
10/10
-
Async RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-