General
- Target: Wexehhtqp-1.exe
- Size: 531KB
- Sample: 220116-slhd5sfhbn
- MD5: 4fc25c15ec17895569bcd9808efc8fa6
- SHA1: 1399cd1cc14f64e7a81806d1529e87c2e6a06d75
- SHA256: 85d1707c3b54c31f08d560194620da9a15b4a43f562f7eddf8ec7cd48a49f4a9
- SHA512: f12e8b0114ecccf6d77f0f0f28dc6837b4827e97dbd31dea87a9cd7b5dc3c543bcb2121e4cc1f1d77bb3ea4a9104d88b48927a6331792c17541d9ce7ca5dee1c
Static task
- static1
Behavioral tasks
- behavioral1: Sample Wexehhtqp-1.exe, Resource win7-en-20211208
- behavioral2: Sample Wexehhtqp-1.exe, Resource win10v2004-en-20220112
Malware Config
Extracted
- Family: asyncrat
- Version: 0.5.7B
- 1111 --- OLD Torrents --- 1111 (label dropped in extraction; occupies the position of the group/botnet name)
- C2: null:null (no hard-coded host:port; the client retrieves its C2 at runtime from the pastebin_config URL below)
- Aakn1515knAakn1515kn! (label dropped in extraction)
- anti_vm: false
- bsod: false
- delay: 3
- install: false
- install_folder: %AppData% (not used while install is false)
- pastebin_config: http://microsoft-service-checker.xyz/OCB-Async.txt
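The report shows the AsyncRAT "pastebin" configuration pattern: C2 is null:null and the real host:port is fetched from pastebin_config at runtime, so the actionable indicator is the URL and its domain, not a C2 address. The script below is an added example, not part of the sandbox report: it parses a Triage-style flattened config into a dict, decides where the C2 actually comes from, validates the file hashes, and emits a normalised IOC record. The input text is constructed from the fields on this page; the labels version, group, c2 and key for the four unlabelled values are assumptions based on AsyncRAT's settings layout, and parse_pastebin_body mirrors the client's host:port split as an assumption about its behaviour.

```python
"""Turn an AsyncRAT sandbox config into structured IOCs (added example)."""
import re
from urllib.parse import urlparse

# Constructed from the report's Malware Config block. The first four labels
# (version, group, c2, key) are assumed; the extraction does not carry them.
REPORT_CONFIG = """\
version 0.5.7B
group 1111 --- OLD Torrents --- 1111
c2 null:null
key Aakn1515knAakn1515kn!
anti_vm false
bsod false
delay 3
install false
install_folder %AppData%
pastebin_config http://microsoft-service-checker.xyz/OCB-Async.txt
"""

# Copied from the report's General block.
REPORT_HASHES = {
    "md5": "4fc25c15ec17895569bcd9808efc8fa6",
    "sha1": "1399cd1cc14f64e7a81806d1529e87c2e6a06d75",
    "sha256": "85d1707c3b54c31f08d560194620da9a15b4a43f562f7eddf8ec7cd48a49f4a9",
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_config(text):
    """Split 'key value' lines into a dict, coercing booleans and integers."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if value in ("true", "false"):
            value = value == "true"
        elif value.isdigit():
            value = int(value)
        cfg[key] = value
    return cfg


def c2_source(cfg):
    """AsyncRAT either embeds host:port pairs or, when built with the pastebin
    option, ships 'null:null' and downloads host:port from a URL at runtime.
    Returns ('static', [host:port, ...]), ('pastebin', url) or ('none', None)."""
    c2 = cfg.get("c2", "null:null")
    paste = cfg.get("pastebin_config", "null")
    if c2 != "null:null":
        return "static", [h for h in c2.split(",") if h]
    if paste != "null":
        return "pastebin", paste
    return "none", None


def parse_pastebin_body(body):
    """Assumed client behaviour: the downloaded body is 'host:port', split on ':'."""
    host, _, port = body.strip().partition(":")
    if not host or not port.strip().isdigit():
        raise ValueError("pastebin body is not host:port")
    return host.strip(), int(port)


def validate_hashes(hashes):
    """Return the names of any digests with the wrong length or non-hex chars."""
    return [
        algo for algo, digest in hashes.items()
        if len(digest) != HASH_LENGTHS[algo] or not re.fullmatch(r"[0-9a-f]+", digest)
    ]


def build_iocs(cfg, hashes):
    """Collect hunting indicators: hashes, config URL/domain or static C2s."""
    source, target = c2_source(cfg)
    iocs = {"hashes": dict(hashes), "urls": [], "domains": [], "c2": [],
            "c2_source": source,
            "install_path": cfg.get("install_folder") if cfg.get("install") else None}
    if source == "pastebin":
        iocs["urls"].append(target)
        iocs["domains"].append(urlparse(target).hostname)
    elif source == "static":
        iocs["c2"] = target
        iocs["domains"].extend(h.rsplit(":", 1)[0] for h in target)
    return iocs


if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    assert not validate_hashes(REPORT_HASHES), "malformed hash in report"
    for k, v in build_iocs(config, REPORT_HASHES).items():
        print(f"{k}: {v}")
```

Blocking the pastebin_config URL's domain at the proxy or DNS layer cuts the implant off before it ever learns its C2; the hash indicators only catch this exact build, since the crypter around the AsyncRAT payload changes per campaign.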
Targets
- Target: Wexehhtqp-1.exe
- Size: 531KB
- MD5: 4fc25c15ec17895569bcd9808efc8fa6
- SHA1: 1399cd1cc14f64e7a81806d1529e87c2e6a06d75
- SHA256: 85d1707c3b54c31f08d560194620da9a15b4a43f562f7eddf8ec7cd48a49f4a9
- SHA512: f12e8b0114ecccf6d77f0f0f28dc6837b4827e97dbd31dea87a9cd7b5dc3c543bcb2121e4cc1f1d77bb3ea4a9104d88b48927a6331792c17541d9ce7ca5dee1c
Signatures
- Modifies WinLogon for persistence
- suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
- Async RAT payload
- Suspicious use of SetThreadContext