General
- Target: Order_1101201918_AUTECH.exe
- Size: 780KB
- Sample: 210105-jkxee3qsaj
- MD5: 0c13fd1c14c7b5ec9c069c3c824c7788
- SHA1: 688af4adffd3e279761a41c949edd2c9bdf70799
- SHA256: 139d70b24d7cd96624f1559a68d903c5e80b690def1b68a185b9f389b6565fe2
- SHA512: 1ad8a43d81e515342757ef0c204941583dbafb9da420fb9c25771f105bb5eb5e20d383ee4fdace652511b7b8f96533adaed3225c15ed2fa50c48ecc76b7849aa
Static task: static1
Behavioral task: behavioral1
- Sample: Order_1101201918_AUTECH.exe
- Resource: win7v20201028
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- null:null
- chizzy25!@/@!7^UPCAZWSWAzZ!
- aes_key: 4eqytfgDE8DYWEFCKHecODZBbvb3Lq5L
- anti_detection: false
- autorun: false
- bdos: false
- delay: F UUUUUUU 2
- host: null
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: chizzy25!@/@!7^UPCAZWSWAzZ!
- pastebin_config: https://pastebin.com/raw/HKYwiN9V
- port: null
- version: 0.5.7B
Targets
- Target: Order_1101201918_AUTECH.exe
- Async RAT payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext