General
Target: 108EAF14413F7CDD9F604E49493E9ACE.exe
Size: 835KB
Sample: 210619-q52g418lnx
MD5: 108eaf14413f7cdd9f604e49493e9ace
SHA1: a284d52fee63659a2a6f3653a80755da207cfe97
SHA256: ceddcfa72226e91f7435facafe6631d1385ca4d246d242d5136ac4e9462b8611
SHA512: 90d99f1ec38f215d8202fe5a1f655916b6052d986782df97fa212241003d36ecdaf5c43f5bb7838704c5fad87fc19639da569d0c45bdca564941606ed63a8e38
Static task: static1
Behavioral task: behavioral1
  Sample: 108EAF14413F7CDD9F604E49493E9ACE.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 108EAF14413F7CDD9F604E49493E9ACE.exe
  Resource: win10v20210408
Malware Config
Extracted
asyncrat
0.5.7B
alemdar571.duckdns.org:59
alemdar571.duckdns.org:18
alemdar571.duckdns.org:4784
alemdar571.duckdns.org:5900
AsyncMutex_6SI8OkPnk
aes_key: lY8krPgIobK8M3LtrC7Eb7pALRZjw52Q
anti_detection: false
autorun: false
bdos: false
delay: ZOOORT
host: alemdar571.duckdns.org
hwid: 3
install_file:
install_folder: %AppData%
mutex: AsyncMutex_6SI8OkPnk
pastebin_config: null
port: 59,18,4784,5900
version: 0.5.7B
Targets
Target: 108EAF14413F7CDD9F604E49493E9ACE.exe
Size: 835KB
MD5: 108eaf14413f7cdd9f604e49493e9ace
SHA1: a284d52fee63659a2a6f3653a80755da207cfe97
SHA256: ceddcfa72226e91f7435facafe6631d1385ca4d246d242d5136ac4e9462b8611
SHA512: 90d99f1ec38f215d8202fe5a1f655916b6052d986782df97fa212241003d36ecdaf5c43f5bb7838704c5fad87fc19639da569d0c45bdca564941606ed63a8e38
Score: 10/10
Async RAT payload
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext