General

- Target: 051988E2E2A1EF5E3A27C935E6B694268EEA61D3DC790.exe
- Size: 986KB
- Sample: 210724-6xgdhjyh8n
- MD5: 1de9a9696cb0de0c4b5d80a069f011c8
- SHA1: ebcbec44ec2755337a49a84935a3917867d6e4f4
- SHA256: 051988e2e2a1ef5e3a27c935e6b694268eea61d3dc790b7e99d86560d772df8f
- SHA512: 8f8f848c9775472f51e70eb49020235d109a51f1be9f6f6b25389f7586fe4056b23f153317e50cafcbcd0ae40d7b95c395be28734090b32bbaa098afccfd52fd

Static task

- static1

Behavioral task

- behavioral1
- Sample: 051988E2E2A1EF5E3A27C935E6B694268EEA61D3DC790.exe
- Resource: win7v20210410

Malware Config

Extracted

- Family: asyncrat
- Version: 0.5.7B
- C2: marianavilla3008o.duckdns.org:1020
- Mutex: AsyncMutex_6SI8OkPnk

Configuration keys:

- aes_key: 0BWUkyqcUqHqVx84fueTgswHmIDOrV5h
- anti_detection: false
- autorun: false
- bdos: false
- delay: Default
- host: marianavilla3008o.duckdns.org,
- hwid: 3
- install_file:
- install_folder: %AppData%
- mutex: AsyncMutex_6SI8OkPnk
- pastebin_config: null
- port: 1020
- version: 0.5.7B

Targets

- Target: 051988E2E2A1EF5E3A27C935E6B694268EEA61D3DC790.exe
- Size: 986KB
- MD5: 1de9a9696cb0de0c4b5d80a069f011c8
- SHA1: ebcbec44ec2755337a49a84935a3917867d6e4f4
- SHA256: 051988e2e2a1ef5e3a27c935e6b694268eea61d3dc790b7e99d86560d772df8f
- SHA512: 8f8f848c9775472f51e70eb49020235d109a51f1be9f6f6b25389f7586fe4056b23f153317e50cafcbcd0ae40d7b95c395be28734090b32bbaa098afccfd52fd

Signatures

- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext