General
- Target: sample1234.zip
- Size: 635KB
- Sample: 210415-w74xxxq3ts
- MD5: 29ae2619c95a76a2fd25721a86aa59ab
- SHA1: 13c765eb00d01369617e79efab3c2e21ac5e8c50
- SHA256: 2edd49d375ebc4673d759b8a135bced75c0ffb3c2e5b2e924ee2a6ed521d575a
- SHA512: 2ca34f9d3cf713f9161b99c7d83455f4a8072abe3c6ae566e06c8c177ccffce0bae4e5cbb8ce046683f2ca9423f3ff926115fc66b18d134fba27a0b091809af6
Static task: static1
Behavioral task: behavioral1
- Sample: 1234.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 1234.exe
- Resource: win10v20210410
Malware Config
Extracted
asyncrat:
- aes_key
- anti_detection
- autorun
- bdos
- delay
- host
- hwid: {11111-22222-40001-00002}
- install_file
- install_folder: {11111-22222-50001-00000}
- mutex
- pastebin_config
- port
- version
Targets
- Target: 1234.exe
- Size: 1.2MB
- MD5: 45de46aae024150078e249dec173a337
- SHA1: bd1f8891836765f1c58777806cb82657b8c3bd7e
- SHA256: 554ac14fb25de9add3d66f0877a7da079bf6818a4957a21b2a618c6aac22b6c4
- SHA512: 2bb1d4d1908cc2534677f32861dd0185c2907508112d05434d731088a62f9f28071e8652111c2745dad28d4334c696471dc358ca9537b08e390157d5502def24
- Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL