General
-
Target
BANCOLOMBIA LE INFORMA QUE SU CUENTA DE AHORRO ESTA PRESENTANDO MOVIVIMIENTOS INUSUALES VALIDE SU INFORMACION Y EVITE FRAUDES.exe
-
Size
321KB
-
Sample
201228-lwb9n16bg2
-
MD5
24b6a2657a73c3bad64be3b3eadc5ecd
-
SHA1
5f35c84e24163264be7ccb807d8121695c3b1c4d
-
SHA256
cdbadb90de6d5cbdd15f273917be1ba0a17142aa84b3196becafb5c670ec5d28
-
SHA512
55a820b8fa4be1a8313c5ec9d33ab5314635d98428141c52ab62f49441fbf755832ddacf2ec7455c266893fb716803afe319ae5fc9d845055cf97a0d401a74ea
Static task
static1
Behavioral task
behavioral1
Sample
BANCOLOMBIA LE INFORMA QUE SU CUENTA DE AHORRO ESTA PRESENTANDO MOVIVIMIENTOS INUSUALES VALIDE SU IN.exe
Resource
win7v20201028
Malware Config
Extracted
asyncrat
0.5.7B
sdfsdfasdf.duckdns.org:8050
AsyncMutex_6SI8OkPnk
-
aes_key
MHVDLkAAZAe6m0lVK86hB1WGVmtSHDdM
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
sdfsdfasdf.duckdns.org
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
8050
-
version
0.5.7B
Targets
-
Target
BANCOLOMBIA LE INFORMA QUE SU CUENTA DE AHORRO ESTA PRESENTANDO MOVIVIMIENTOS INUSUALES VALIDE SU INFORMACION Y EVITE FRAUDES.exe
-
Async RAT payload
-