General
-
Target
2C701B9904603479C8E01A692383E396.exe
-
Size
7.0MB
-
Sample
210813-9vs8kb8vde
-
MD5
2c701b9904603479c8e01a692383e396
-
SHA1
c9662c1ee3ed00ea0f70d12a6e5ecfa50d1d9c77
-
SHA256
0a05f8788ca28d5f4e2ad838a36f83107326d3021fc5bc9824fe2c47dfd07712
-
SHA512
60e2e350e44c5676f283842d2af354b55b559c46eb3e1c8236c2abf87654845f7a6727da1aea824395b0d102a643790fb9eed55f729085dfee595aab259cf650
Static task
static1
Behavioral task
behavioral1
Sample
2C701B9904603479C8E01A692383E396.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2C701B9904603479C8E01A692383E396.exe
Resource
win10v20210410
Malware Config
Extracted
Family
asyncrat
Version
0.5.7B
C2 (host:port)
null:null
Mutex
AsyncMutex_6SI8OkPnk
-
aes_key
dDhvNMBYIS0cSEdqEZsTWnat4JCbi1fh
-
anti_detection
false
-
autorun
true
-
bdos
false
-
delay
ASE_2
-
host
null
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
https://aa.larinax999.repl.co
(remote configuration source: since host and port in this config are null, the sample likely retrieves its C2 endpoint from this URL at runtime — treat the URL as an indicator alongside the mutex and hashes above)
-
port
null
-
version
0.5.7B
Targets
-
-
Target
2C701B9904603479C8E01A692383E396.exe
-
Size
7.0MB
-
MD5
2c701b9904603479c8e01a692383e396
-
SHA1
c9662c1ee3ed00ea0f70d12a6e5ecfa50d1d9c77
-
SHA256
0a05f8788ca28d5f4e2ad838a36f83107326d3021fc5bc9824fe2c47dfd07712
-
SHA512
60e2e350e44c5676f283842d2af354b55b559c46eb3e1c8236c2abf87654845f7a6727da1aea824395b0d102a643790fb9eed55f729085dfee595aab259cf650
Score 10/10
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
-
Async RAT payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-