General
Target: LOI-20210510473689004882.7z
Size: 441KB
Sample: 211116-kwlkjsdac5
MD5: 9b3f57576244887e6576841505312bc4
SHA1: af35cdc84fe9d5a965da74fe9f6554d29da2501f
SHA256: 14f5b515b14887c84e5e18151d51d75d6df4aaccda161391060c6a71b786a18a
SHA512: 712b2c778af2d3419ccf14de584bfd124750cb23a72546ffcabf1d3f995075417bc5a9dfa619af2e27861dd283f38e125b01ed5569b500eee1b6abe7bbd7a31d
Static task: static1
Behavioral task: behavioral1
Sample: LOI-20210510473689004882.exe
Resource: win7-en-20211104
Malware Config
Extracted
Family: asyncrat
Version: 0.5.7B
Botnet: Default
C2 (host:port):
  127.0.0.1:6606
  127.0.0.1:7707
  127.0.0.1:8808
  127.0.0.1:3578
  194.127.178.3:6606
  194.127.178.3:7707
  194.127.178.3:8808
  194.127.178.3:3578
  aliensoldier.duckdns.org:6606
  aliensoldier.duckdns.org:7707
  aliensoldier.duckdns.org:8808
  aliensoldier.duckdns.org:3578
Mutex: AsyncMutex_6SI8OkPnk
Attributes:
  anti_vm: false
  bsod: false
  delay: 3
  install: false
  install_folder: %AppData%
  pastebin_config: null
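The C2 list above is the cross product of three hosts and four ports, and not all of it is usable as an indicator: 127.0.0.1 is loopback and can never be a remote controller (the loopback host and ports 6606/7707/8808 are the values the public AsyncRAT builder ships as defaults), so the operator-specific indicators appear to be 194.127.178.3, the dynamic-DNS name aliensoldier.duckdns.org, and port 3578 alongside the defaults. The script below is an added example and not part of the sandbox report or of any tool: it parses the extracted host:port lines, discards placeholder entries, groups ports per host, emits Suricata rules (the SID base is a hypothetical local range), and matches the result against a constructed connection log whose format is assumed for illustration.

```python
"""
Added example (not part of the sandbox report): turn the AsyncRAT C2 list
extracted above into network IOCs, drop the placeholder entries, and match
the result against constructed connection-log lines.
"""
import ipaddress
from collections import namedtuple

# Host:port pairs copied verbatim from the extracted config above.
EXTRACTED_C2 = """
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
127.0.0.1:3578
194.127.178.3:6606
194.127.178.3:7707
194.127.178.3:8808
194.127.178.3:3578
aliensoldier.duckdns.org:6606
aliensoldier.duckdns.org:7707
aliensoldier.duckdns.org:8808
aliensoldier.duckdns.org:3578
"""

Endpoint = namedtuple("Endpoint", "host port kind")


def classify_host(host):
    """'placeholder' for loopback/private/unspecified IPs, 'ip' for routable
    addresses, 'domain' for anything that is not an IP literal."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "domain"
    if ip.is_loopback or ip.is_private or ip.is_unspecified:
        return "placeholder"
    return "ip"


def parse_c2_list(text):
    """Parse 'host:port' lines into Endpoint tuples; blank lines are skipped."""
    endpoints = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError("malformed endpoint: %r" % line)
        endpoints.append(Endpoint(host, int(port), classify_host(host)))
    return endpoints


def actionable(endpoints):
    """Loopback entries such as 127.0.0.1 cannot be a remote controller and are
    not useful as network indicators; keep only routable IPs and domains."""
    return [e for e in endpoints if e.kind != "placeholder"]


def summarize(endpoints):
    """Map each actionable host to its sorted list of ports."""
    ports = {}
    for e in actionable(endpoints):
        ports.setdefault(e.host, set()).add(e.port)
    return {host: sorted(p) for host, p in ports.items()}


def suricata_rules(endpoints, base_sid=9000001):
    """One TCP rule per actionable IP (all its ports) and one DNS-query rule per
    domain.  base_sid is a hypothetical local SID range; pick your own."""
    rules, sid = [], base_sid
    for host, ports in sorted(summarize(endpoints).items()):
        portlist = "[" + ",".join(str(p) for p in ports) + "]"
        if classify_host(host) == "ip":
            rules.append('alert tcp $HOME_NET any -> %s %s (msg:"AsyncRAT C2 %s"; '
                         'flow:to_server; sid:%d; rev:1;)' % (host, portlist, host, sid))
        else:
            rules.append('alert dns $HOME_NET any -> any any (msg:"AsyncRAT C2 domain %s"; '
                         'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (host, host, sid))
        sid += 1
    return rules


# Constructed connection log, format "<timestamp> <src> -> <host>:<port>" (not real data).
SAMPLE_LOG = [
    "2021-11-16T10:01:02Z 10.0.0.12 -> 194.127.178.3:6606",
    "2021-11-16T10:01:05Z 10.0.0.12 -> 127.0.0.1:6606",
    "2021-11-16T10:02:10Z 10.0.0.7 -> 93.184.216.34:443",
    "2021-11-16T10:03:44Z 10.0.0.12 -> aliensoldier.duckdns.org:3578",
]


def match_log(log_lines, endpoints):
    """Return the log lines whose destination host:port is an actionable C2."""
    wanted = {(e.host, e.port) for e in actionable(endpoints)}
    hits = []
    for line in log_lines:
        host, _, port = line.split()[-1].rpartition(":")
        if (host, int(port)) in wanted:
            hits.append(line)
    return hits


if __name__ == "__main__":
    eps = parse_c2_list(EXTRACTED_C2)
    print(summarize(eps))
    print("\n".join(suricata_rules(eps)))
    print("\n".join(match_log(SAMPLE_LOG, eps)))
```

The loopback line in the constructed log is deliberately left unmatched: alerting on 127.0.0.1:6606 would fire on any local service using that port and tells you nothing about this sample. The domain rule uses the dns.query sticky buffer, so it requires a Suricata version that supports it; on older deployments substitute the equivalent content match in the DNS section.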
Targets
Target: LOI-20210510473689004882.exe
Size: 855KB
MD5: aa4f46e132510172e5beb140a7f03957
SHA1: 2f6e2b495a79bdfe69b8ef0ecb3dd656d2d348a9
SHA256: f7daabadaa1974b529e8db367a07d128b60724cc54c4dfcc008c35c124b77929
SHA512: 99dfb511267bc3072e9bfc42cc3bb8fe1bb32af7a303a03fa04ae46b9c5cbec2101d3e1e9a5c8011ceb3260c25d322e6f336bf63fe2b0b79600cb3c0e312bce5
Signatures:
- AsyncRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext: this API rewrites the register state of a (typically suspended) thread and is commonly used to redirect execution into injected code, as in process hollowing; on its own it is a heuristic, not proof of injection.