General
-
Target
SKM_C258201001130020005057.scr
-
Size
659KB
-
Sample
201230-7dylv87dx2
-
MD5
580aa11c0d139a04ac8d2aa22df1647e
-
SHA1
5669fcc6fe96260bb31d62b740e1a2856ca180a8
-
SHA256
6802b8b194e5599c2a3befc366103a354231d9b3777b021e285d09d59475f96d
-
SHA512
c04c7a61bf07812d557bdede0acd7f4a6c9a2c580065156f50d5d897adbfd5b0f174e621f3c785122a94f6b5cd56c054aedfbc47bf426ca3ae7c67e34378cdfd
Static task
static1
Behavioral task
behavioral1
Sample
SKM_C258201001130020005057.scr
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SKM_C258201001130020005057.scr
Resource
win10v20201028
Malware Config
Extracted
asyncrat
0.5.7B
severdops.ddns.net:6204
AsyncMutex_6SI8OkPnk
-
aes_key
FDJsIxZ6Ibj7ivHabCCCBblKX02EYCOK
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
severdops.ddns.net
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6204
-
version
0.5.7B
Targets
Score
10/10
-
Modifies WinLogon for persistence
-
Async RAT payload
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-