General
-
Target
2f858b2cdd1332777a75cb98481fe425.exe
-
Size
262KB
-
Sample
210726-taxvxbkkj2
-
MD5
2f858b2cdd1332777a75cb98481fe425
-
SHA1
3ff58b35d77a3f9759aad0168a52d95d6eb21643
-
SHA256
ba3c244413f003bbd093b5e3e082bb9b0914d5bd9e03526b0e4b4faf4eacc411
-
SHA512
57ba0490b16b4205ca328aebbbafa181dca48f24e3668e40e099922bde363571bbe6f8ee5f35059b7cdafdf1cece6e23c8926c0b7658076d827a033f3a9a8844
Static task
static1
Behavioral task
behavioral1
Sample
2f858b2cdd1332777a75cb98481fe425.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
2f858b2cdd1332777a75cb98481fe425.exe
-
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
-
Async RAT payload
-
Blocklisted process makes network request
-
Modifies Windows Firewall
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-