General
- Target: aba9ea59aab84849cf371965c19ef46c.exe
- Size: 88KB
- Sample: 211021-gm2nmaagcj
- MD5: aba9ea59aab84849cf371965c19ef46c
- SHA1: 366050aca450a5d1ea67ea5b6b1902a60c721c01
- SHA256: 99988371c15bd38fc947d898dc6eeb0d425c98f7bd471d040c24c8c667bd2b0b
- SHA512: f38d27e4a58492a59043cf8ee3df3eb317581f3fb98b59d6d1b32163acc83a403425a554e1974e60c857b3489cf1d49a0e6de8734a9a159fea4d6fe571302248

Behavioral task: behavioral1
- Sample: aba9ea59aab84849cf371965c19ef46c.exe
- Resource: win7-en-20210920

Malware Config

Targets
- Target: aba9ea59aab84849cf371965c19ef46c.exe
- Size: 88KB
- MD5: aba9ea59aab84849cf371965c19ef46c
- SHA1: 366050aca450a5d1ea67ea5b6b1902a60c721c01
- SHA256: 99988371c15bd38fc947d898dc6eeb0d425c98f7bd471d040c24c8c667bd2b0b
- SHA512: f38d27e4a58492a59043cf8ee3df3eb317581f3fb98b59d6d1b32163acc83a403425a554e1974e60c857b3489cf1d49a0e6de8734a9a159fea4d6fe571302248
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
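The behaviour signatures in this report are produced by the sandbox's own rule engine from the process, file and network events it records. As an added example (not Triage's engine and not code from the sample), the Python below shows how the four behavioural signatures listed above can be derived from such an event trace: a PE file written by the sample becomes "dropped", later execution or image-load of it fires the dropped-EXE/DLL signatures, a read under a known wallet directory fires the wallet signature, and an HTTP request to a public IP-lookup service fires the external-IP signature. The event trace, the IP-lookup hostnames and the wallet path fragments are constructed for illustration; the report does not say which lookup service or which wallet paths the sample actually touched.

```python
# Added example: a small rule matcher that reproduces the report's four
# behavioural signatures from a sandbox event trace. Not Triage's engine.
from dataclasses import dataclass

# Public IP-lookup services commonly abused for this purpose (assumed list;
# the report does not name the one the sample used).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
    "checkip.dyndns.org", "api.ip.sb",
}

# Lower-cased path fragments of well-known wallet/keystore locations (assumed list).
WALLET_PATH_HINTS = (
    "\\electrum\\wallets", "\\exodus\\", "\\bitcoin\\wallet.dat",
    "\\ethereum\\keystore", "\\atomic\\local storage",
)


@dataclass(frozen=True)
class Event:
    kind: str        # "write", "exec", "load", "read" or "http"
    pid: int
    path: str = ""   # file path for write/exec/load/read
    host: str = ""   # destination hostname for http


def run_signatures(events):
    """Return {signature name: [evidence, ...]} for a list of Event objects."""
    hits = {}
    dropped = set()  # lower-cased paths of PE files the sandboxed tree wrote

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        path = ev.path.lower()
        if ev.kind == "write" and path.endswith((".exe", ".dll")):
            # Any PE the sample writes counts as "dropped"; later execution
            # or image load of that file is what the signatures key on.
            dropped.add(path)
        elif ev.kind == "exec" and path in dropped:
            hit("Executes dropped EXE", ev.path)
        elif ev.kind == "load" and path in dropped and path.endswith(".dll"):
            hit("Loads dropped DLL", ev.path)
        elif ev.kind == "read" and any(h in path for h in WALLET_PATH_HINTS):
            hit("Accesses cryptocurrency files/wallets, possible credential harvesting", ev.path)
        elif ev.kind == "http" and ev.host.lower() in IP_LOOKUP_HOSTS:
            hit("Looks up external IP address via web service", ev.host)
    return hits


# Constructed trace shaped like what a sandbox records for this kind of sample.
SAMPLE_TRACE = [
    Event("write", 1001, path=r"C:\Users\user\AppData\Roaming\svchost32.exe"),
    Event("write", 1001, path=r"C:\Users\user\AppData\Roaming\helper.dll"),
    Event("exec", 1001, path=r"C:\Users\user\AppData\Roaming\svchost32.exe"),
    Event("load", 1002, path=r"C:\Users\user\AppData\Roaming\helper.dll"),
    Event("read", 1002, path=r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    Event("http", 1002, host="api.ipify.org"),
    Event("load", 1002, path=r"C:\Windows\System32\ws2_32.dll"),  # system DLL, not dropped: no hit
]

# Constructed benign trace: a system binary the sample did not write, and an
# ordinary web request. None of the rules should fire.
BENIGN_TRACE = [
    Event("exec", 2001, path=r"C:\Windows\System32\notepad.exe"),
    Event("http", 2001, host="www.example.com"),
]

if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
```

The "dropped" bookkeeping is the part worth copying: a rule that only checks whether an executed path lies under %APPDATA% would also fire on legitimate per-user installers, whereas tying execution and image loads to files the sample itself wrote keeps the signature anchored to the sample's own behaviour.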