General
-
Target
e136f191f0f60e3468e4d2544593790b
-
Size
586KB
-
Sample
210915-hvcvxaaae8
-
MD5
e136f191f0f60e3468e4d2544593790b
-
SHA1
4c9f0804d19fd54de4c8ad8d0c4d8b9f60563d8c
-
SHA256
88b664a4ced04195d83f1964093c0a689fc174522ad9e8f8443d70a7f22cc757
-
SHA512
d348b6c23bc4f56b4632875b199bedae025df2f71012e4d3a2a7d26d75b762df840d6daf0c13ba7d843caf4417e669a87930c3fabb01bead4e2e100eb3348874
Static task
static1
Behavioral task
behavioral1
Sample
e136f191f0f60e3468e4d2544593790b.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
e136f191f0f60e3468e4d2544593790b.exe
Resource
win10-en
Malware Config
Extracted
asyncrat
0.5.7B
WIRE$$$$$$$$
severdops.ddns.net:6204
AsyncMutex_6SI8OkPnk
-
anti_vm
false
-
bsod
false
-
delay
3
-
install
true
-
install_file
iconfx.exe
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
-
Target
e136f191f0f60e3468e4d2544593790b
-
Size
586KB
-
MD5
e136f191f0f60e3468e4d2544593790b
-
SHA1
4c9f0804d19fd54de4c8ad8d0c4d8b9f60563d8c
-
SHA256
88b664a4ced04195d83f1964093c0a689fc174522ad9e8f8443d70a7f22cc757
-
SHA512
d348b6c23bc4f56b4632875b199bedae025df2f71012e4d3a2a7d26d75b762df840d6daf0c13ba7d843caf4417e669a87930c3fabb01bead4e2e100eb3348874
Score10/10-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-