General
-
Target
Order Sheet.exe
-
Size
2.6MB
-
Sample
210506-7mzvazp7k2
-
MD5
9bc1a47fdbd32cc92c94a9d1a84597ac
-
SHA1
63a5eb6563208137d12dd8fa4ede2e2c98e70033
-
SHA256
ae6d4b4b89654fbd35c69c05a85fd4a2b84edd7091ffe372f4ba7115c2b8fbf8
-
SHA512
559eef9b71eee6eeeb56f8d87462cdea654248de58b5155ae50062c917afddca680970d32ec6dd3b1b67ab8fb7ba23d6b0cf2dc5b2a89b560347481446f6778f
Static task
static1
Behavioral task
behavioral1
Sample
Order Sheet.exe
Resource
win7v20210408
Malware Config
Extracted
asyncrat
0.5.7B
skylucky.duckdns.org:2404
AsyncMutex_6SI8OkPnk
-
aes_key
WvvgLAhzoLKP9nxmphWrFPmJaTYONf62
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
JakataAsync
-
host
skylucky.duckdns.org
-
hwid
3
- install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
2404
-
version
0.5.7B
Targets
-
-
Target
Order Sheet.exe
-
Size
2.6MB
-
MD5
9bc1a47fdbd32cc92c94a9d1a84597ac
-
SHA1
63a5eb6563208137d12dd8fa4ede2e2c98e70033
-
SHA256
ae6d4b4b89654fbd35c69c05a85fd4a2b84edd7091ffe372f4ba7115c2b8fbf8
-
SHA512
559eef9b71eee6eeeb56f8d87462cdea654248de58b5155ae50062c917afddca680970d32ec6dd3b1b67ab8fb7ba23d6b0cf2dc5b2a89b560347481446f6778f
Score10/10-
Turns off Windows Defender SpyNet reporting
-
Async RAT payload
-
Nirsoft
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-