General
-
Target
CHERRY.exe
-
Size
48KB
-
Sample
210227-cad7ds7tjj
-
MD5
820bd630f443e32a6ead06212ff6e95e
-
SHA1
9278a11d7bc5bc3b07d564a29f6d520bf10dc744
-
SHA256
2c79e9095dabbab194fc34801c8e08cc1adc9576e71642d9e9b5f986964ad26d
-
SHA512
cf2ff4dd6de9fbe4c159d72942d2b427c245d84dc60b268d0a8705c86922a7cb33ab53ba7aa4c0011f4b63c356b1dbfe194ef205392e9c9053bd7b1d6aea2f9a
Behavioral task
behavioral1
Sample
CHERRY.exe
Resource
win7v20201028
Malware Config
Extracted
asyncrat
0.5.7B
jamesalex13-32442.portmap.host:32442
AsyncMutex_2VI8tgPik
-
aes_key
LH6rs7V8nICHHwjuleXZSNJw5t2MZnAG
-
anti_detection
true
-
autorun
true
-
bdos
true
-
delay
Default
-
host
jamesalex13-32442.portmap.host
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_2VI8tgPik
-
pastebin_config
null
-
port
32442
-
version
0.5.7B
Targets
-
-
Target
CHERRY.exe
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-