General
Target: 9731acc2acbf8329ae69f9d7d50e1998.exe
Size: 484KB
Sample: 211206-nevcxaggb6
MD5: 9731acc2acbf8329ae69f9d7d50e1998
SHA1: 9d99415d1675f423ebd82551ba1aee7acdccab58
SHA256: 11dba92af0462cb18ac9c9ed81f104530819287f32be261915b706f83f6e04ad
SHA512: 03bb2f6731916fb4d3e75edb4b6ec34479b5f76b32028900105e63a58a8be6e9c5a5952e79f73f2c05687c31baa25b5e09ff86614986b6da9f31f47546cc86ae
Static task: static1
Behavioral task: behavioral1
Sample: 9731acc2acbf8329ae69f9d7d50e1998.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 9731acc2acbf8329ae69f9d7d50e1998.exe
Resource: win10-en-20211104
Malware Config
Extracted
asyncrat
0.5.7B
3
217.64.149.93:1973
df4Rtg34dFt5ynrew
anti_vm: false
bsod: false
delay: 3
install: false
install_folder: %AppData%
pastebin_config: null
Targets
Target: 9731acc2acbf8329ae69f9d7d50e1998.exe
BitRAT Payload
Async RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext