General
-
Target
VZ8WSCNqI5hk6UO.exe
-
Size
1MB
-
Sample
210726-d1h1ea4ls6
-
MD5
5624c43315cd655ce3162930ca5feecf
-
SHA1
9fe4a649a4c12e15bb19157c11f166d811e8e56a
-
SHA256
46aaee021fec9564e323cbb46072b15696f53cb48e153a6575ec8abc8feba35e
-
SHA512
8ddd7f8bf8283af1c28a3ac55793b3e9f761531ad3d11d7a9548dc686082ec924beb8468b7644486df403a8447178aebc4b6048bd7083633342442ce3ece0a9c
Static task
static1
Malware Config
Extracted
asyncrat
0.5.7B
wabbus02.duckdns.org:6606
wabbus02.duckdns.org:7707
wabbus02.duckdns.org:8808
AsyncMutex_6SI8OkPnk
-
aes_key
9qwxkQ2pkGzKNYyg3Ocjqt8oTvsTstZQ
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
Default
-
host
wabbus02.duckdns.org
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6606,7707,8808
-
version
0.5.7B
Targets
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-