General
- Target: 8D74E2EF18E68405319A1090D20A0674.exe
- Size: 264KB
- Sample: 210506-3a7bq4k7b6
- MD5: 8d74e2ef18e68405319a1090d20a0674
- SHA1: 363c4e86dbf7f6ab65dcc79cedb07aa52ea12ed9
- SHA256: 2edc93f84e6911e5b86040964715868c82eb28c2b48cdbb2c72dee60cfe2f792
- SHA512: 6ab882ae5e24837037f3d18260f0b39f9f4b6110ebd2af86e14edebb6df201f389cc390e5af6213f5e93f1a238c55ace91910cf709dc82cfe709b6f49f958fd3
Static task
- static1

Behavioral tasks
- behavioral1
  Sample: 8D74E2EF18E68405319A1090D20A0674.exe
  Resource: win7v20210408
- behavioral2
  Sample: 8D74E2EF18E68405319A1090D20A0674.exe
  Resource: win10v20210410
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- C2: fact.azad.live:5380, societyf500.ddns.net:5380
- Mutex: AsyncMutex_6SI8OkPnk

Attributes
- aes_key: g5ATBHeFjqZicBQcW6MmoyX0Xhwz0tjW
- anti_detection: false
- autorun: true
- bdos: false
- delay: Default
- host: fact.azad.live,societyf500.ddns.net
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 5380
- version: 0.5.7B
Targets
- Target: 8D74E2EF18E68405319A1090D20A0674.exe
  Size: 264KB
  MD5: 8d74e2ef18e68405319a1090d20a0674
  SHA1: 363c4e86dbf7f6ab65dcc79cedb07aa52ea12ed9
  SHA256: 2edc93f84e6911e5b86040964715868c82eb28c2b48cdbb2c72dee60cfe2f792
  SHA512: 6ab882ae5e24837037f3d18260f0b39f9f4b6110ebd2af86e14edebb6df201f389cc390e5af6213f5e93f1a238c55ace91910cf709dc82cfe709b6f49f958fd3
  Score: 10/10

  Signatures
  - Async RAT payload
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext