General
Target: PO-HDQ-52443-VTXOK-4584934.exe
Size: 22KB
Sample: 210723-wflqgsy6vn
MD5: d458750e9eb89bd8f97fd365773eba31
SHA1: c8cae1c126bf03d79502698d9b90520be2bfcc36
SHA256: 6979809578bc2caf8da003a70023e86d66cd9aa7e4b8c4448b942931a908583f
SHA512: 64c33c69ad2653d24865a969ffff5cd351abf080e64d2189f95df211f7f657fa0b70454e45c97a6b557ba760e761ef4cd3426aca5c32e38f84d7c1c04cffc204
Static task: static1
Behavioral task: behavioral1
Sample: PO-HDQ-52443-VTXOK-4584934.exe
Resource: win7v20210408
Malware Config
Extracted
Family: asyncrat
Version: 0.5.6A
C2: 185.140.53.192:1515, grant123four5.ddns.net:1515
Mutex: mewetkcokhrlmr
aes_key: 2YCtMmTskUhh8TBzJJD3qNNyS40EuN7P
anti_detection: false
autorun: false
bdos: false
delay:
host: 185.140.53.192,grant123four5.ddns.net
hwid: 5
install_file:
install_folder: %AppData%
mutex: mewetkcokhrlmr
pastebin_config: null
port: 1515
version: 0.5.6A
Targets
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Drops startup file
- Suspicious use of SetThreadContext