General
-
Target
8febef9e39284335678e45955722d6a6
-
Size
617KB
-
Sample
211021-xbrmaabefr
-
MD5
8febef9e39284335678e45955722d6a6
-
SHA1
0f5de2557c7cef0c486157089cf2b761ca8839d7
-
SHA256
7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf
-
SHA512
e8b70e73b960b4fa3fa209baaf702990dc4a153cca85eca5a9586ab42dab82d99d6ecec15c9ed043cca2637710f2921f94b2a2b934c9960fe36514cdf4ceacbf
Static task
static1
Behavioral task
behavioral1
Sample
8febef9e39284335678e45955722d6a6.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
8febef9e39284335678e45955722d6a6.exe
Resource
win10-en-20210920
Malware Config
Extracted
asyncrat
0.5.7B
1
185.157.160.136:1973
df4Rtg34dFjwr7ujp3
-
anti_vm
false
-
bsod
false
-
delay
38
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
-
Target
8febef9e39284335678e45955722d6a6
-
Size
617KB
-
MD5
8febef9e39284335678e45955722d6a6
-
SHA1
0f5de2557c7cef0c486157089cf2b761ca8839d7
-
SHA256
7fcb98579512e3df028c8199b530d8e027d55a871d2afb81aeb5994adac814bf
-
SHA512
e8b70e73b960b4fa3fa209baaf702990dc4a153cca85eca5a9586ab42dab82d99d6ecec15c9ed043cca2637710f2921f94b2a2b934c9960fe36514cdf4ceacbf
-
BitRAT Payload
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-