General
Target: ULTITECJORO8368Ngdkdvk0cCe8TdQhhzpOK9.exe
Size: 422KB
Sample: 201109-aggq7b78dj
MD5: 0ada41553c85e51d2323a64add3ec6de
SHA1: bef7bd18a545427bfb834e7650b02926e99181ab
SHA256: 6b09f1cfc05625cdd9c328e7ac8c67ade7fcc234cd0631999d8996b54c3da722
SHA512: 39c56c7fd174bbdf8cdb24c9cac8f0b5a9bf2415d85e0f5aacb82e86b0bdf3622bc1105ac5528f16db4553226052085144d9b258fbf180917e79d0bb63c2466e
Behavioral task: behavioral1
Sample: ULTITECJORO8368Ngdkdvk0cCe8TdQhhzpOK9.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: ULTITECJORO8368Ngdkdvk0cCe8TdQhhzpOK9.exe
Resource: win10v20201028
Malware Config
Extracted: asyncrat 0.5.6D, C2 185.165.153.215:6606, mutex uqeolevmck
aes_key: 5eoiILw5GAY7OkbkZoi8uQvz2qpV60Nt
anti_detection: false
autorun: false
bdos: false
delay: sunday
host: 185.165.153.215
hwid: 1
install_file: (empty)
install_folder: %AppData%
mutex: uqeolevmck
pastebin_config: null
port: 6606
version: 0.5.6D
Targets
Target: ULTITECJORO8368Ngdkdvk0cCe8TdQhhzpOK9.exe (422KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

CoreEntity .NET Packer
A .NET packer, CoreEntity, that embeds its payload as a Bitmap object and decrypts it at runtime.

Async RAT payload

Suspicious use of SetThreadContext
SetThreadContext is the API a loader uses to redirect a suspended thread to injected code, which is why sandboxes flag it; the report does not say which process was targeted.