General
Target: PO20002106.exe
Size: 695KB
Sample: 210106-28563v9wwa
MD5: 823cbb9bac152ecf6d251f686ffa1ab5
SHA1: c9beb84d2505636820bd357abba5af0cd5a47c52
SHA256: 6a552b03353efc74c7871b59d8844ee8990a224de336ca893e1b74d10cd4b16b
SHA512: 30268ed85b8b3d2d3c2d8a4ef9f0207d546be06c83cdd163b11c11ba788c159e8324c2142e946e873a017d6c3f8922550331b3ea4b25c4c02c6448c3029110b6
Static task: static1
Behavioral task: behavioral1
Sample: PO20002106.exe
Resource: win7v20201028
Malware Config
Extracted
asyncrat
0.5.7B
null:null
AsyncMutex_6SI8OkPnk
aes_key: yFdiISTMNVqtdBU1VShPLhZnkF6gdamp
anti_detection: false
autorun: false
bdos: false
delay: billion
host: null
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: https://pastebin.com/raw/Q5Dxj1fY
port: null
version: 0.5.7B
Targets
Target: PO20002106.exe
Size: 695KB
MD5: 823cbb9bac152ecf6d251f686ffa1ab5
SHA1: c9beb84d2505636820bd357abba5af0cd5a47c52
SHA256: 6a552b03353efc74c7871b59d8844ee8990a224de336ca893e1b74d10cd4b16b
SHA512: 30268ed85b8b3d2d3c2d8a4ef9f0207d546be06c83cdd163b11c11ba788c159e8324c2142e946e873a017d6c3f8922550331b3ea4b25c4c02c6448c3029110b6
- Async RAT payload
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext