General
- Target: OTT MT103_211412199807_OP03202101150042_20210119_6190008_1.exe
- Size: 1.4MB
- Sample: 210122-t1ej1lntha
- MD5: 2de834ec25ec7651ac8fc5ad2632d84a
- SHA1: f2329a7d7326e5b8309c499241b62532f3a90bff
- SHA256: 87ca86e54af983557503b99b5c47702b129d2c361762ee246354f836cf2ff430
- SHA512: 5b385636d7113ba00c977befaa5a7402434e8a787748d8adde4a5c02b73a7408f8100175f62d169ad584afdbda5bd04226623933591b9b73868090eabc7d1a29
Static task: static1
Behavioral task: behavioral1
- Sample: OTT MT103_211412199807_OP03202101150042_20210119_6190008_1.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: OTT MT103_211412199807_OP03202101150042_20210119_6190008_1.exe
- Resource: win10v20201028
Malware Config
Extracted: asyncrat 0.5.6D
- C2: meltdili.duckdns.org:8808, :8808
- Mutex: uqaueqtjitmvhewi
- aes_key: HcAc1HXMTeGYmihRB0xyI7Qrdm6e5GJk
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: meltdili.duckdns.org,
- hwid: 1
- install_file:
- install_folder: %AppData%
- mutex: uqaueqtjitmvhewi
- pastebin_config: null
- port: 8808
- version: 0.5.6D
Targets
- Target: OTT MT103_211412199807_OP03202101150042_20210119_6190008_1.exe
Score: 10/10
Signatures:
- Async RAT payload
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext