General
Target: payment confirmation_16.01.2021.exe
Size: 1.4MB
Sample: 210118-p2z29y4kls
MD5: e3aea83c2ae72dfbaf7d887baa9d40da
SHA1: 63b622b74f1e7ede93634c73d61384d431fbf199
SHA256: 60f80dde8a53609fc7411854b9400a613c6978386ef05aa1bbedbfd2fc51814e
SHA512: 100a267444667abf6e5ceb47157c92de523c6236fcdc07703c3b274f3e06ed35ab3a6040a87483e22d94758b35d71859df3dd2a22649cee9d41c2b05d6030eaa
Static task: static1
Behavioral task: behavioral1
Sample: payment confirmation_16.01.2021.exe
Resource: win7v20201028
Malware Config
Extracted: asyncrat 0.5.7B
bigman2021.duckdns.org:6606
bigman2021.duckdns.org:7707
bigman2021.duckdns.org:8808
79.134.225.18:6606
79.134.225.18:7707
79.134.225.18:8808
AsyncMutex_6SI8OkPnk
aes_key: 8HLIxjjLl31oyeuCdupeIJlMgShc597W
anti_detection: false
autorun: false
bdos: false
delay: Default
host: bigman2021.duckdns.org,79.134.225.18
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 6606,7707,8808
version: 0.5.7B
Targets
Target: payment confirmation_16.01.2021.exe
Async RAT payload
Suspicious use of SetThreadContext