General
-
Target
be96aa77ab7f76401001197bdb7d3e50
-
Size
950KB
-
Sample
211116-r2e4aaeca8
-
MD5
be96aa77ab7f76401001197bdb7d3e50
-
SHA1
1ef001ed0dfb0b2ca4b14775db3a9176cc4f9937
-
SHA256
49d69c50a7bfb5f2ae1b5c61af6c0ef870f08143a5548cb187e92461126c4147
-
SHA512
7ad1a3b65b13c2c708a568c7c2de91fc6960d80f7e7b77e26b4429a9c17e31baecdf0fe6d23a325cd7b2c4a613dbef3d7348409f8aba23ff6eeb7ddecc8a91eb
Static task
static1
Behavioral task
behavioral1
Sample
be96aa77ab7f76401001197bdb7d3e50.exe
Resource
win7-en-20211104
Malware Config
Extracted
asyncrat
1.0.7
Default
202.55.133.118:5200
DcRatMutex_qwqdanchun
-
anti_vm
false
-
bsod
false
-
delay
1
-
install
false
-
install_folder
%AppData%
-
pastebin_config
null
Targets
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-