General
Target: chromegoogle.exe
Size: 579KB
Sample: 201229-dxnkbqtmmx
MD5: 6febf3e909196257afcc4dcc8b5eb4e7
SHA1: d6faa617c061a73ff1075c97833baa01cff7d51c
SHA256: 09ee4fc7d4d4970dd3d30c8e2269e907971b337da0d1a0f8b78fe50a892b2639
SHA512: 38af2d1d42f2636e6374ce1a6eca4aab8eaf0ddc75ba30b9204ab71969819b1f7a2bea9286ef6fc2301200d72976dd44b886df7db78d5a8ee5165aa0cc8beac8
Static task: static1
Behavioral task: behavioral1
Sample: chromegoogle.exe
Resource: win7v20201028
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
C2 (host:port): null:null
Mutex: AsyncMutex_6SI8OkPnk

Configuration keys:
aes_key: EfA8oEwdphb1PRVOxTe3AN4wESj6UjIj
anti_detection: false
autorun: true
bdos: false
delay: CORONA
host: null
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: https://pastebin.com/raw/KVXdCZYr
port: null
version: 0.5.7B
Targets
Target: chromegoogle.exe
- Async RAT payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext