General
-
Target
ORDER-2114 doc.exe
-
Size
929KB
-
Sample
210115-5pemlt5m8s
-
MD5
918c64196f31842ff6f7abcd6c8602fa
-
SHA1
6148d8afff84c92dbd5fc74ae4dd936ba4783bb4
-
SHA256
ef49862573dc6f3a18094cb5a2644d1a0db366283ec46152e79bcf2f828440bc
-
SHA512
7c37c2710177f3cc4cadf91ca7bb9a6cea112afa0a006faf2d552d36b73ed36526af5a71812e043cbbcfff38df930afb883c27da5ebfab04c7a027e5abdb0e93
Malware Config
Extracted
asyncrat
0.5.7B
chongmei33.publicvm.com:49746
chongmei33.publicvm.com:2703
chongmei33.publicvm.com:49714
chongmei33.publicvm.com:49703
185.165.153.116:49746
185.165.153.116:2703
185.165.153.116:49714
185.165.153.116:49703
54.37.36.116:49746
54.37.36.116:2703
54.37.36.116:49714
54.37.36.116:49703
185.244.30.92:49746
185.244.30.92:2703
185.244.30.92:49714
185.244.30.92:49703
dongreg202020.duckdns.org:49746
dongreg202020.duckdns.org:2703
dongreg202020.duckdns.org:49714
dongreg202020.duckdns.org:49703
word_6SI86kPnk
-
aes_key
Hz9AIk2iuw31bDO3o1GepDyHZ5vVJkGp
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
SEPT G8
-
host
chongmei33.publicvm.com,185.165.153.116,54.37.36.116,185.244.30.92,dongreg202020.duckdns.org,178.33.222.241,rahim321.duckdns.org,79.134.225.92,37.120.208.36
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
word_6SI86kPnk
-
pastebin_config
null
-
port
49746,2703,49714,49703
-
version
0.5.7B
Targets
-
-
Target
ORDER-2114 doc.exe
-
Size
929KB
-
MD5
918c64196f31842ff6f7abcd6c8602fa
-
SHA1
6148d8afff84c92dbd5fc74ae4dd936ba4783bb4
-
SHA256
ef49862573dc6f3a18094cb5a2644d1a0db366283ec46152e79bcf2f828440bc
-
SHA512
7c37c2710177f3cc4cadf91ca7bb9a6cea112afa0a006faf2d552d36b73ed36526af5a71812e043cbbcfff38df930afb883c27da5ebfab04c7a027e5abdb0e93
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
-
Async RAT payload
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-