General
Target: a208dc9a774f7ca9f5b258267183953b.exe
Size: 524KB
Sample: 210714-s4avgbnqh2
MD5: a208dc9a774f7ca9f5b258267183953b
SHA1: c1d5ccda7b0dcd9fad25b88123a7158b417fc698
SHA256: 07afaa692f9b826c080cd9b1dc846bb8d6dc5404710241012f5c067d464692d3
SHA512: 90f0147436afabc9e8a7177b75982d9c146b25a766a46f8ca33a7e2bc3be87d8536a8bdfa839c3a6e9a079486079632c2ee97b1af33c2ba9c248c97ecf59b4ca
Static task: static1
Behavioral task: behavioral1
Sample: a208dc9a774f7ca9f5b258267183953b.exe
Resource: win7v20210408
Malware Config
Extracted: asyncrat 0.5.7B
37.0.11.45:1604
37.0.11.45:3162
37.0.11.45:9495
37.0.11.45:448
AsyncMutex_6SI8OkPnk
- aes_key: pKLwmhjVAyNL9HzHN02o82BM56qjUmJq
- anti_detection: false
- autorun: false
- bdos: false
- delay: taskk
- host: 37.0.11.45
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 1604,3162,9495,448
- version: 0.5.7B
Targets
- Target: a208dc9a774f7ca9f5b258267183953b.exe
- Size: 524KB
- MD5: a208dc9a774f7ca9f5b258267183953b
- SHA1: c1d5ccda7b0dcd9fad25b88123a7158b417fc698
- SHA256: 07afaa692f9b826c080cd9b1dc846bb8d6dc5404710241012f5c067d464692d3
- SHA512: 90f0147436afabc9e8a7177b75982d9c146b25a766a46f8ca33a7e2bc3be87d8536a8bdfa839c3a6e9a079486079632c2ee97b1af33c2ba9c248c97ecf59b4ca
Score: 10/10
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext