General
-
Target
200CB4B34EA0E61FE8454731BF7A107A.exe
-
Size
1.9MB
-
Sample
210418-e8xhdclebx
-
MD5
200cb4b34ea0e61fe8454731bf7a107a
-
SHA1
a6121f8f7d8600c2278e90d5ae622c9b2d3b410b
-
SHA256
3deec916d94fabdc65168ebd8b5f072a702781064d13b10700d9a52998a669a3
-
SHA512
62c947626012a18c3a4644ff24909b1c2a3a427b1df4529139eb54bb74da12b5299aca0070d4b0deee168098ea7474207868644e82917bdbf130797f1676fe99
Static task
static1
Behavioral task
behavioral1
Sample
200CB4B34EA0E61FE8454731BF7A107A.exe
Resource
win7v20210408
Malware Config
Extracted
https://www.uplooder.net/f/tl/31/ee790edf8aa2f02c1ffb71003ad4a5c8/defender.mp3
Extracted
Family: asyncrat
Version: 0.5.7B
C2 (host:port): 46.1.54.174:87
C2 (host:port): 46.1.54.174:85
Mutex: AsyncMutex_6SI8OkPnk
-
aes_key
R77ian3L214LimJgd0qPoT0OH274e11M
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
strings
-
host
46.1.54.174
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
87,85
-
version
0.5.7B
Targets
-
-
Target
200CB4B34EA0E61FE8454731BF7A107A.exe
-
Size
1.9MB
-
MD5
200cb4b34ea0e61fe8454731bf7a107a
-
SHA1
a6121f8f7d8600c2278e90d5ae622c9b2d3b410b
-
SHA256
3deec916d94fabdc65168ebd8b5f072a702781064d13b10700d9a52998a669a3
-
SHA512
62c947626012a18c3a4644ff24909b1c2a3a427b1df4529139eb54bb74da12b5299aca0070d4b0deee168098ea7474207868644e82917bdbf130797f1676fe99
-
Async RAT payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
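Adds Run key to start application
(The extracted config lists autorun as false, so the Run key and the startup file may be written by the dropper stage rather than by the AsyncRAT install routine; check both persistence locations during triage.)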
-