General
Target: qJiGYEJs.exe
Size: 49KB
Sample: 210417-lh4dp2xnc6
MD5: 87d9e7f1e756d2cb1d5bc6e9415cd217
SHA1: 673c133698597505b2a08b78c34460ac6aad3375
SHA256: a7997d254547bc1c1da4f6e00b47af6b389627b6b638ac1ffd793777edca9911
SHA512: c6f03b8cf37949d62421e93fa69a94ff4a9f04bda6c05169929791121f93d74a12d17d8477870947bae16950da4c673ec76d79975fab65afba4b9d7c66fcdbbe
Behavioral task
behavioral1
Sample: qJiGYEJs.exe
Resource: win7v20210410
Malware Config
Extracted
asyncrat
0.5.4J
hajrkn.duckdns.org:1604
floznsdysplsxgx
aes_key: XhXADMGMeuegYOjnN90TmGVTYzl1sOTh
anti_detection: false
autorun: true
bdos: false
delay:
host: hajrkn.duckdns.org
hwid:
install_file:
install_folder: %AppData%
mutex: floznsdysplsxgx
pastebin_config: null
port: 1604
version: 0.5.4J
Targets
Target: qJiGYEJs.exe
Async RAT payload
Executes dropped EXE