General
Target: bandock.exe
Size: 528KB
Sample: 210108-llmegl11la
MD5: b60a17c36afd3bac3b1c632d28bdb2a3
SHA1: a29a45c08ce68d7fbc3c63bb84ac48e554df9a52
SHA256: d79662a8895ef702fff42208228c9dadb87cad7fe14f2e95607cacd543537ff1
SHA512: fae2d3c2934a636151ab8c5b2eef3ffea1dda0dd2c9bf1bd601e41db995cea04a61343922fc1e4b3b145a69fa8e048b3c7634d4b1b77653855e013271edd7f93
Static task: static1
Behavioral task: behavioral1
Sample: bandock.exe
Resource: win7v20201028
Malware Config
Extracted: asyncrat 0.5.7B
aes_key: 3k25awwPIyvGavUCHtSeJIcvbGI4RVWY
anti_detection: false
autorun: false
bdos: false
delay: Default
host: sammiyoyo.linkpc.net,egoyibouda.linkpc.net,ifemelumma.linkpc.net
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 2552,8805,4795
version: 0.5.7B
Targets
Target: bandock.exe
Signatures
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext