General

  • Target

    r1uDWJza.exe

  • Size

    47KB

  • MD5

    0550342e66698384f232ac39b700dd14

  • SHA1

    ba5e50a39d1502e38196724ec9d844ee4bf8d002

  • SHA256

    f3fcbb0fedb1e3b732185aebbf845ca185c950ca3635026d8a754312220577c9

  • SHA512

    95d4814c0f18dadc1d6e6ca69c0dc96aa197595ad4e24526556e03d6f11b86a7314294ec22dd41a1305e326d49fc1562b75e376d1803c8abb86c6fe0f1ddb4b3

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

0.5.7A

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:1177

liligharba5.ddns.net:6606

liligharba5.ddns.net:7707

liligharba5.ddns.net:8808

liligharba5.ddns.net:1177

Mutex

egsqhsrnnsznfo

Attributes
  • aes_key

    AmS16HZdeZmy6vvgX1cBFdKWQLYDA6Wj

  • anti_detection

    false

  • autorun

    false

  • bdos

    false

  • delay

    Default

  • host

    127.0.0.1,liligharba5.ddns.net

  • hwid

    1

  • install_file

  • install_folder

    %AppData%

  • mutex

    egsqhsrnnsznfo

  • pastebin_config

    null

  • port

    6606,7707,8808,1177

  • version

    0.5.7A

aes.plain

Signatures

  • Async RAT payload (1 IoC)
  • Asyncrat family

Files

  • r1uDWJza.exe
    .exe windows x86