General
- Target: RFQ.exe
- Size: 1.0MB
- Sample: 210118-ac4vjgcg1s
- MD5: 7195bce6da44b422e7b841c1ae2c2253
- SHA1: fc9b00b7b346b80a88cf12b7ced06ce95e5cd686
- SHA256: 06df1e9bb7ab365ebd850980b89028d41f7280807719a0f598005fa3e220ec63
- SHA512: 9c8186c8f62f4cfe343e1cfc8abbe0d978c6b750a252c377250a1fa7f1a7d310e46031abcc179ee2d9235820bf9d40d3d3eafe2c335f44f6f16b5050ce551d32

Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample RFQ.exe, resource win7v20201028)

Malware Config
Extracted: asyncrat 0.5.7B

C2 endpoints:
- bigman2021.duckdns.org:6606
- bigman2021.duckdns.org:7707
- bigman2021.duckdns.org:8808
- 79.134.225.18:6606
- 79.134.225.18:7707
- 79.134.225.18:8808

Config fields:
- aes_key: 8HLIxjjLl31oyeuCdupeIJlMgShc597W
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: bigman2021.duckdns.org,79.134.225.18
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 6606,7707,8808
- version: 0.5.7B

Targets
- Target: RFQ.exe (1.0MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Signatures:
  - Async RAT payload
  - Suspicious use of SetThreadContext