General
-
Target
Payment Copy.exe
-
Size
492KB
-
Sample
201230-1gth7fn2s2
-
MD5
7252677dff6c881ecbab4f53d6c0a344
-
SHA1
838f0094d88eed0154411b16d5d03b424a272c19
-
SHA256
e51fe517af7c5e00a484199d6aed86aaec898fabc294c43ac3190c95c770f6e1
-
SHA512
f1cd2717a731f27addd1eaa6fc5cdd9c57963e8963dcdb57a20ec61225d22787eb9fe66c631eacfb6a76d5d8b2a54c7fd68c0995e52348eb021b6559c90e144b
Malware Config
Extracted
asyncrat
0.5.7B
chongmei33.publicvm.com:49746
chongmei33.publicvm.com:2703
chongmei33.publicvm.com:49714
chongmei33.publicvm.com:49703
185.165.153.116:49746
185.165.153.116:2703
185.165.153.116:49714
185.165.153.116:49703
54.37.36.116:49746
54.37.36.116:2703
54.37.36.116:49714
54.37.36.116:49703
185.244.30.92:49746
185.244.30.92:2703
185.244.30.92:49714
185.244.30.92:49703
dongreg202020.duckdns.org:49746
dongreg202020.duckdns.org:2703
dongreg202020.duckdns.org:49714
dongreg202020.duckdns.org:49703
word_6SI86kPnk
-
aes_key
Hz9AIk2iuw31bDO3o1GepDyHZ5vVJkGp
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
SEPT G8
-
host
chongmei33.publicvm.com,185.165.153.116,54.37.36.116,185.244.30.92,dongreg202020.duckdns.org,178.33.222.241,rahim321.duckdns.org,79.134.225.92,37.120.208.36
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
word_6SI86kPnk
-
pastebin_config
null
-
port
49746,2703,49714,49703
-
version
0.5.7B
Targets
-
-
Target
Payment Copy.exe
-
Size
492KB
-
MD5
7252677dff6c881ecbab4f53d6c0a344
-
SHA1
838f0094d88eed0154411b16d5d03b424a272c19
-
SHA256
e51fe517af7c5e00a484199d6aed86aaec898fabc294c43ac3190c95c770f6e1
-
SHA512
f1cd2717a731f27addd1eaa6fc5cdd9c57963e8963dcdb57a20ec61225d22787eb9fe66c631eacfb6a76d5d8b2a54c7fd68c0995e52348eb021b6559c90e144b
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-