General
- Target: sample details.exe
- Size: 513KB
- Sample: 210103-h84dxhfh4x
- MD5: 1f438fdbc78b1b8e8944de8140a58729
- SHA1: f3ddaeb5ad51025c3251b77ee006247cecca205e
- SHA256: 12d3ad6a4467daebd29194d962f95aae46cdcd52263e08f243586a8fbb060c5f
- SHA512: d1c588134765dba5c87eabab3de2d157647836ed2b419fe9e7883c7477671266c5a490e8e2e3ea2aeef25c0d030a4b57cbdb132c016ccd2bbfdc7064f46a0126
Static task
- static1
Behavioral task
- behavioral1
- Sample: sample details.exe
- Resource: win7v20201028
Malware Config
Extracted
- asyncrat
- 0.5.7B
- null:null
- AsyncMutex_6SI8OkPnk
- aes_key: b8dOcyzjp8n8ZZClllDq0eJu2HC4JkWF
- anti_detection: true
- autorun: false
- bdos: true
- delay: Default
- host: null
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: https://pastebin.com/raw/xBiaYesc
- port: null
- version: 0.5.7B
Targets
- Target: sample details.exe
- Size: 513KB
- MD5: 1f438fdbc78b1b8e8944de8140a58729
- SHA1: f3ddaeb5ad51025c3251b77ee006247cecca205e
- SHA256: 12d3ad6a4467daebd29194d962f95aae46cdcd52263e08f243586a8fbb060c5f
- SHA512: d1c588134765dba5c87eabab3de2d157647836ed2b419fe9e7883c7477671266c5a490e8e2e3ea2aeef25c0d030a4b57cbdb132c016ccd2bbfdc7064f46a0126
- Async RAT payload
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext